EXECUTIVE SUMMARY REPORT
INTRODUCTION TO THE PIA
The Technical Information Retrieval Systems (TIRS) is a database and
document imaging system that supports the Occupational Safety Health
Administration (OSHA) by providing immediate access and search capability the
collection of rulemaking documents, advisory committee submissions, agency
historic references and scientific and technical literature. The core system is
located in the Technical Data Center (TDC) within the Francis Perkins Building.
A Web server and supporting database and image information providing access to
selected parts of the rulemaking record is administered by OSHA's Directorate
of Information Technology (DIT) and is sited at their office in Salt Lake City.
Of concern to any privacy assessment is the part of TIRS which supports
Agency rulemaking dockets. Under the Administrative Procedures Act, the Agency
is required to collect public comments on proposed rules and make them
available to all interested parties. Citizens may come to the TDC to see
rulemaking dockets and Agency staffs are able to view them on client software
distributed throughout the National Office. Some docket information is made
available through the Web site. Materials where there is a clear copyright or
privacy concern are blocked from the Internet site.
Approach
Technical Data Center staff and their contractors answered and reviewed
the attached PIA. The staff has long been sensitive to the problems of personal
privacy as they have arisen in respect to the collection of public comments for
rulemaking.
Threat Statement
Submissions collected from the public in response to rulemaking are
indexed by information contained in the document. Currently, only the name and
zip code are entered into the database. Providing name and address is not
required to submit information to the rulemaking docket, but is usually the
case. Most submissions, however, are from a company or organization and the
address and contact information does not pose a personal privacy danger.
Citizens responding to an Agency proposal often include their address
information including telephone and e-mail on their submission. More important
to the issues being addressed in this document, submissions have very
infrequently been found to include information that could represent a very real
privacy threat to the individual such as a Social Security Number (SSN) or
medical records.
Results and Summary
Information submitted to rulemaking dockets is received under the
provisions of the Administrative Procedures Act and is freely provided by the
respondent. In almost all cases there appears to be little or no privacy risk
to the individuals or groups submitting comments. Where a risk can occur is
when someone submits PPI in the body of the submission not recognizing that the
rulemaking docket is open to anyone wishing to view it.
TDC staff has taken some steps recently to help protect individuals
where the information can be seen to be irrelevant to the rulemaking process.
SSNs, where noted, are blocked out before documents are scanned into the
system. Medical records or other personal information is blocked from viewing
on the Web (although one can still see view records in the TDC.) Staff time has
been devoted to searching through older rulemaking dockets looking for
sensitive PPI.
It is our hope the attached PIA and the following legal review will help
to answer some of the privacy questions that have come up in managing a public
rulemaking docket. We look forward to guidance in this important area.
|
