[Federal Register Volume 86, Number 209 (Tuesday, November 2, 2021)]
[Notices]
[Pages 60496-60498]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-23821]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[Release No. PA-57; File No. S7-14-21]


Privacy Act of 1974; System of Records

AGENCY: Securities and Exchange Commission.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The Securities and Exchange Commission (SEC) established SEC-
34, Public Health and Safety Records under the Privacy Act of 1974. 
This system of records maintains information collected in response to a 
public health emergency. Information will be collected from SEC 
personnel (political appointees, employees, consultants, detailees, 
interns, and volunteers), contractors, visitors, job applicants, and 
others who access or seek to access SEC facilities or worksites to 
assist the SEC with maintaining a safe and healthy workplace and to 
protect its workforce from risks associated with communicable diseases.

DATES: The changes will become effective December 2, 2021 to permit 
public comment on the new and revised routine uses. The Commission will 
publish a new notice if the effective date is delayed to review 
comments or if changes are made based on comments received. To assure 
consideration, comments should be received on or before December 2, 
2021.

ADDRESSES: Comments may be submitted by any of the following methods:

Electronic Comments

     Use the Commission's internet comment form (http://www.sec.gov/rules/other.shtml); or
     Send an email to [email protected]. Please include 
File Number S7-14-21 on the subject line.

Paper Comments

    Send paper comments to Vanessa A. Countryman, Secretary, U.S. 
Securities and Exchange Commission, 100 F Street NE, Washington, DC 
20549-1090. All submissions should refer to S7-14-21. This file number 
should be included on the subject line if email is used. To help 
process and review your comments more efficiently, please use only one 
method. The Commission will post all comments on the Commission's 
internet website (http://www.sec.gov/rules/other.shtml). Comments are 
also available for website viewing and printing in the Commission's 
Public Reference Room, 100 F Street NE, Washington, DC 20549, on 
official business days between the hours of 10 a.m. and 3 p.m. All 
comments received will be posted without change; we do not edit 
personal identifying information from submissions. You should submit 
only information that you wish to make publicly available.

FOR FURTHER INFORMATION CONTACT: For general and privacy related 
questions please contact: Ronnette McDaniel, Privacy and Information 
Assurance Branch Chief, 202-551-7200 or [email protected].

SUPPLEMENTARY INFORMATION: In order to collect and maintain contractor, 
visitor and job applicant disclosures, the SEC established SEC-34, 
Public Health and Safety Records, a system of records under the Privacy 
Act. The SEC is committed to maintaining a safe and healthy workplace 
and to protect its workforce from risks associated with a public health 
emergency. To ensure and maintain the safety of all SEC personnel 
(political appointees, employees, consultants, detailees, interns, and 
volunteers), contractors, visitors, job applicants, and others who 
access or seek to access an SEC facility, space, or worksite during a 
public health emergency, the SEC may develop and institute safety 
measures that require the collection of personal information. Records 
may include information on individuals' vaccination status and 
information to support a request for reasonable accommodation based on 
disability or sincerely held religious belief. Records also may include 
information on individuals who have been suspected or confirmed to have 
contracted a disease or illness, or who have been exposed to an 
individual who had been suspected or confirmed to have contracted a 
disease or illness, related to a declared public health emergency. 
Records may also include information on the individual circumstances 
surrounding the disease or illness such as dates of suspected exposure, 
testing results, symptoms, treatments, and other related health status 
information. Any contact tracing conducted by SEC personnel will 
involve collecting information about SEC personnel, contractors and 
visitors who are exhibiting symptoms or who have tested positive for an 
infectious disease in order to identify and notify other SEC personnel, 
contractors and visitors with whom they may have come into contact and 
who may have been exposed. Records may also include information on 
individuals identified as emergency contacts for SEC personnel.
    Information from this system of records will be collected, 
maintained, and disclosed in accordance with applicable law, 
regulations, and statutes, including, but not limited to; the Americans 
with Disabilities Act of 1990 and regulations and guidance published by 
the U.S. Occupational Safety and Health Administration, the U.S. Equal 
Employment Opportunity Commission, and the U.S. Centers for Disease 
Control and Prevention.

SYSTEM NAME AND NUMBER:
    SEC-34 Public Health and Safety Records.

SECURITY CLASSIFICATION:
    Non-classified.

SYSTEM LOCATION:
    Securities and Exchange Commission (SEC), 100 F Street NE, 
Washington, DC 20549. Files may also be maintained in the following SEC 
Regional Offices: Atlanta Regional Office (ARO), 950 East Paces Ferry 
Road NE, Suite 900, Atlanta, GA 30326-1382; Boston Regional Office 
(BRO), 33 Arch Street, 24th Floor, Boston, MA 02110-1424; Chicago 
Regional Office (CHRO), 175 W Jackson Boulevard, Suite 1450, Chicago, 
IL 60604; Denver Regional Office (DRO), Byron Rogers Federal Office 
Building,

[[Page 60497]]

1961 Stout Street, Suite 1700, Denver, CO 80294-1961; Fort Worth 
Regional Office (FWRO), Burnett Plaza, 801 Cherry Street, Suite 1900, 
Unit 18, Fort Worth, TX 76102; Los Angeles Regional Office (LARO), 444 
South Flower Street, Suite 900, Los Angeles, CA 90071; Miami Regional 
Office (MIRO), 801 Brickell Avenue, Suite 1950, Miami, FL 33131; New 
York Regional Office (NYRO), Brookfield Place, 200 Vesey Street, Suite 
400, New York, NY 10281-1022; Philadelphia Regional Office (PLRO), One 
Penn Center, 1617 John F. Kennedy Boulevard, Suite 520, Philadelphia, 
PA 19103-1844; Salt Lake Regional Office (SLRO), 351 S West Temple St., 
Suite 6.100, Salt Lake City, UT 84101; and San Francisco Regional 
Office (SFRO), 44 Montgomery Street, Suite 2800, San Francisco, CA 
94104.

SYSTEM MANAGER(S):
    Chief Operating Officer, Securities and Exchange Commission, 100 F 
Street NE, Washington, DC 20549.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The authority to collect this information derives from General Duty 
Clause, Sections 5(a)(1) and 19(a) of the Occupational Safety and 
Health (OSH) Act of 1970 (29 U.S.C. 654(a)(1), 668(a)); Section 319 of 
the Public Health Service Act (42 U.S.C. 247d); E.O. 12196, 
Occupational Safety and Health Programs for Federal Employees (Feb. 26, 
1980); E.O 13991, Protecting the Federal Workforce and Requiring Mask-
Wearing; (Jan. 25, 2021); Executive Order on Ensuring Adequate COVID 
Safety Protocols for Federal Contractors (September 9, 2021); Executive 
Order on Requiring Coronavirus Disease 2019 Vaccination for Federal 
Employees (September 9, 2021); OMB Memorandum M-20-23 Aligning Federal 
Agency Operations with the National Guidelines for Opening Up America 
Again (Apr. 20, 2020); and OMB Memorandum M-21-15 COVID-19 Safe Federal 
Workplace: Agency Model Safety Principles (Jan. 24, 2021). Information 
will be collected and maintained in accordance with the Americans with 
Disabilities Act of 1990 (42 U.S.C. 12101 et seq.)

PURPOSE(S) OF THE SYSTEM:
    The information in the system is collected to assist the SEC with 
maintaining a safe and healthy workplace and to protect its workforce 
from risks associated with communicable diseases that the Secretary of 
the Department of Health and Human Services has determined to be a 
public health emergency pursuant to Section 319(a) of the Public Health 
Service Act (42 U.S.C. 247d(a)) (``Public Health Emergency''). Records 
in this system may be collected, maintained, and used to: (1) Determine 
who may be allowed access to SEC facilities or worksites and what 
testing or medical screening is necessary before a person may enter; 
(2) respond to a significant risk of harm to SEC personnel, 
contractors, and visitors, as well as to any others in SEC facilities 
or worksites; (3) document reports that SEC personnel, contractors, or 
any persons who have been in SEC facilities or worksites may have or 
may have been exposed to a communicable disease that is the subject of 
a Public Health Emergency; (4) perform contact tracing investigations 
of and notifications to SEC personnel, contractors, and visitors known 
or suspected of exposure to communicable diseases that are the subject 
of a Public Health Emergency; (5) inform federal, state, or local 
public health authorities so that these authorities may act to protect 
public health as allowed or required by law; (6) implement such actions 
(e.g., quarantine or isolation) as necessary to prevent the 
introduction, transmission, and spread of a communicable disease that 
is the subject of a Public Health Emergency by SEC personnel, 
contractors, and persons who have been in SEC facilities or worksites; 
(7) comply with Occupational Safety and Health Administration Act 
recordkeeping requirements; and (8) process employee requests for 
reasonable accommodation based on disability or sincerely held 
religious belief.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system include all SEC personnel 
(political appointees, employees, consultants, detailees, interns, and 
volunteers), contractors, visitors, job applicants, and others who 
access or seek to access SEC facilities or worksites. The system also 
covers individuals identified as emergency contacts for SEC staff.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Information collected and maintained may include, but is not 
limited to:

    --Biographical information: Name and contact information.
    --Health information: Body temperature, dates of and symptoms 
relating to a potential or actual exposure to a pathogen, or 
immunization and/or vaccination information.
    --Information to support a request for reasonable accommodation 
based on disability or sincerely held religious belief.
    --Contact tracing information: Dates of visits to SEC facilities, 
locations visited within the facility (e.g., office and cubicle 
number), the duration of time spent in the facility, dates the SEC was 
made aware of the exposure, and potential contacts between potentially 
contagious persons and others in SEC facilities.
    --Testing Results: Negative results, confirmed or unconfirmed 
positive test results, and documents related to the reasons for testing 
or other aspects of test results.
    --Subsequent actions taken by the SEC to address an incident: 
Identifying and contact information of individuals who have been 
suspected or confirmed to have contracted a communicable disease that 
is the subject of a Public Health Emergency, or who have been exposed 
to an individual who has been suspected or confirmed to have contracted 
a communicable disease that is the subject of a Public Health 
Emergency; individual circumstances and dates of suspected exposure; 
symptoms; and treatments. The SEC uses this information to maintain a 
safe and healthy workplace and to protect its workforce. Although it is 
not the intent for the SEC to collect family medical information, an 
individual may indicate that they were exposed to specific family 
members who have been diagnosed with, or are suspected to have, the 
disease in question. To the extent this information may be acquired 
inadvertently, such information will be kept as a confidential medical 
record and maintained separately from an employee's SEC personnel file.

RECORD SOURCE CATEGORIES:
    The information in this system is collected directly from the 
individual or from the individual's emergency contact. Information may 
also be collected from security systems that monitor access to SEC 
facilities, such as badging systems, video surveillance, human 
resources systems, emergency notification systems, and federal, state, 
and local agencies assisting with the response to a Public Health 
Emergency. Information may also be collected from SEC contractors or 
from property management companies responsible for managing office 
buildings that house SEC facilities or worksites, including the General 
Services Administration (GSA).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records

[[Page 60498]]

or information contained therein may specifically be disclosed outside 
the Commission as a routine use pursuant to 5 U.S.C. 552a(b)(3) as 
follows:
    1. To appropriate agencies, entities, and persons when (a) it is 
suspected or confirmed that the security or confidentiality of 
information in the system of records has been compromised; (b) the SEC 
has determined that, as a result of the suspected or confirmed 
compromise, there is a risk of harm to economic or property interests, 
identity theft or fraud, or harm to the security or integrity of this 
system or other systems or programs (whether maintained by the SEC or 
another agency or entity) that rely upon the compromised information; 
and (c) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with the SEC's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    2. To a Federal, State, or local agency to the extent necessary to 
comply with laws governing reporting of infectious disease.
    3. To SEC personnel, contractors, visitors, emergency contacts, or 
others to notify an individual (1) who has been exposed or may have 
potentially been exposed to a communicable disease that is the subject 
of a Public Health Emergency of information regarding the exposure or 
potential exposure, or (2) who may have reason to know of circumstances 
that increase the risk of such exposure. To the extent possible, all 
information will be anonymized.
    4. To another Federal agency, to a court, or a party in litigation 
before a court or in an administrative proceeding being conducted by a 
Federal agency when the SEC is a party to the judicial or 
administrative proceeding where the information is relevant and 
necessary to the proceeding.
    5. To employees, grantees, experts, contractors, and others who 
have been engaged by the Commission to assist in the performance of a 
service related to this system of records and who need access to the 
records for the purpose of assisting the Commission in the efficient 
administration of its programs, including by performing clerical, 
stenographic, or data analysis functions, or by reproduction of records 
by electronic or other means. Recipients of these records shall be 
required to comply with the requirements of the Privacy Act of 1974, as 
amended, 5 U.S.C. 552a.
    6. To produce summary descriptive statistics and analytical 
studies, as a data source for management information, in support of the 
function for which the records are collected and maintained or for 
related personnel management functions or manpower studies; may also be 
used to respond to general requests for statistical information 
(without personal identification of individuals) under the Freedom of 
Information Act.
    7. To a Congressional office from the record of an individual in 
response to an inquiry from the Congressional office made at the 
request of that individual.
    8. To members of Congress, the Government Accountability Office, or 
others charged with monitoring the work of the Commission or conducting 
records management inspections.
    9. To another Federal agency or Federal entity, when the SEC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system of records are stored electronically or on 
paper in secure facilities. Electronic records are stored on the SEC's 
secure network.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information covered by this system of records notice may be 
retrieved by the name of the individual, contact information, or by 
some combination thereof.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The records will be maintained until they become inactive, at which 
time they will be retired or destroyed in accordance with records 
schedules of the United States Securities and Exchange Commission, and 
as approved by the National Archives and Records Administration.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access to SEC facilities, data centers, and information or 
information systems is limited to authorized personnel with official 
duties requiring access. SEC facilities are equipped with security 
cameras, and, at certain SEC facilities, 24-hour security guard 
service. Computerized records are safeguarded in a secured environment. 
Security protocols meet the promulgating guidance as established by the 
National Institute of Standards and Technology (NIST) Security 
Standards from Access Control to Data Encryption and Security 
Assessment & Authorization (SA&A). Records are maintained in a secure, 
password-protected electronic system that will utilize commensurate 
safeguards that may include: Firewalls, intrusion detection and 
prevention systems, and role-based access controls. Additional 
safeguards will vary by program. All records are protected from 
unauthorized access through appropriate administrative, operational, 
and technical safeguards. These safeguards include: Restricting access 
to authorized personnel who have a ``need to know''; using locks; and 
password protection identification features. Contractors and other 
recipients providing services to the Commission shall be required to 
maintain equivalent safeguards.

RECORD ACCESS PROCEDURES:
    Persons wishing to obtain information on the procedures for gaining 
access to or contesting the contents of these records may contact the 
FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE, 
Mail Stop 5100, Washington, DC 20549-2736.

CONTESTING RECORD PROCEDURES:
    See Record Access Procedures above.

NOTIFICATION PROCEDURES:
    All requests to determine whether this system of records contains a 
record pertaining to the requesting individual may be directed to the 
FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE, 
Mail Stop 5100, Washington, DC 20549-2736.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    New SORN.

    By the Commission.

    Dated: October 27, 2021.
Vanessa A. Countryman,
Secretary.
[FR Doc. 2021-23821 Filed 11-1-21; 8:45 am]
BILLING CODE 8011-01-P


