what would you do? - 15th Annual Federal Workers' Compensation ...
what would you do? - 15th Annual Federal Workers' Compensation ...
what would you do? - 15th Annual Federal Workers' Compensation ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Denise Schossler and Paul Klingenberg 6/23/2011<br />
PRIVACY ACT<br />
Session No. 29—13<br />
th <strong>Annual</strong> <strong>Federal</strong><br />
Workers’ <strong>Compensation</strong> Conference<br />
Paul Klingenberg<br />
Department of Labor<br />
PRIVACY ACT<br />
AND<br />
SYSTEMS OF RECORDS<br />
WHAT WOULD YOU DO<br />
6/23/2011 2<br />
WHAT WOULD YOU DO<br />
•OFFICE OF INSPECTOR GENERAL<br />
- INVESTIGATING SPECIFIC ALLEGATION OF<br />
FRAUD<br />
- EXPLORING POSSIBLE FRAUD<br />
- AUDITING PROGRAM MANAGEMENT<br />
•ATTORNEY IN A THIRD PARTY ACTION<br />
•BUDGET OFFICE<br />
6/23/2011 3<br />
PRIVACY ACT AND SYSTEMS OF<br />
RECORDS 1
Denise Schossler and Paul Klingenberg 6/23/2011<br />
WHAT WOULD YOU DO<br />
•EEO INVESTIGATOR<br />
•UNION REPRESENTATIVE<br />
•SECURITY OFFICE<br />
•AGENCY SAFETY AND<br />
HEALTH MANAGER<br />
•AGENCY ATTORNEY<br />
6/23/2011 4<br />
PRIVACY ACT/<br />
SYSTEMS OF RECORDS<br />
•WHAT IS THE PRIVACY ACT<br />
•WHAT INFORMATION CAN BE<br />
RELEASED ABOUT A WORKERS’<br />
COMPENSATION CASE TO WHOM<br />
•WHAT IS A SYSTEM OF RECORDS<br />
AND HOW DOES IT FIT IN THE<br />
PICTURE<br />
6/23/2011 5<br />
“No Disclosure Without Consent”<br />
Structure of the Privacy Act<br />
•ESTABLISHES RIGHTS (INDIVIDUALS)<br />
•CREATES RESPONSIBILITIES (AGENCIES)<br />
•PROVIDES OVERSIGHT MECHANISMS<br />
•NOT JUST ACCESS AND DISCLOSURE—<br />
RECORDS MANAGEMENT IS KEY<br />
6/23/2011 6<br />
PRIVACY ACT AND SYSTEMS OF<br />
RECORDS 2
Denise Schossler and Paul Klingenberg 6/23/2011<br />
PRIVACY ACT<br />
RIGHTS FOR INDIVIDUALS<br />
• NOTIFICATION (GENERAL, SPECIFIC)<br />
• ACCESS TO RECORDS ABOUT ONESELF<br />
• AMENDMENT OF RECORDS IN ERROR<br />
• ABILITY TO SUE TO ENFORCE WRONGS<br />
AGENCY RESPONSIBILITIES<br />
• ESTABLISH REGULATIONS<br />
• MAINTAIN RECORDS TO CERTAIN STANDARDS<br />
• PROTECT RECORDS FROM DISCLOSURE<br />
• NOTIFY THE PUBLIC (general, specific)<br />
6/23/2011 7<br />
PRIVACY ACT<br />
TERM: RECORD<br />
• INFORMATION ABOUT AN INDIVIDUAL<br />
– EDUCATION, FINANCIAL TRANSACTIONS,<br />
MEDICAL HISTORY, AND CRIMINAL AND<br />
EMPLOYMENT HISTORY<br />
• INDIVIDUAL IDENTIFIER<br />
– NAME, IDENTIFYING NUMBER, SYMBOL, OR<br />
OTHER IDENTIFYING PARTICULAR ASSIGNED<br />
TO INDIVIDUAL, SUCH AS FINGERPRINT,<br />
VOICE PRINT, BIOMETRIC OR PHOTOGRAPH<br />
6/23/2011 8<br />
PRIVACY ACT<br />
TERM: SYSTEM OF RECORDS<br />
• GROUP OF RECORDS<br />
• UNDER THE CONTROL OF A FEDERAL<br />
AGENCY<br />
• RETRIEVED BY INDIVIDUAL IDENTIFIER<br />
ON A REGULAR BASIS<br />
6/23/2011 9<br />
PRIVACY ACT AND SYSTEMS OF<br />
RECORDS 3
Denise Schossler and Paul Klingenberg 6/23/2011<br />
PRIVACY ACT<br />
TERM: ROUTINE USE<br />
• ALLOWS FOR THE DISCLOSURE OF A<br />
RECORD OUTSIDE OF THE AGENCY<br />
WITHOUT CONSENT (BECAUSE OF<br />
NOTIFICATION TO THE INDIVIDUAL AT<br />
THE TIME OF COLLECTION)<br />
• DISCLOSURE MUST BE “FOR A<br />
PURPOSE WHICH IS COMPATIBLE WITH<br />
THE PURPOSE FOR WHICH [THE<br />
INFORMATION] WAS COLLECTED”<br />
6/23/2011 10<br />
No Disclosure Without Consent<br />
PURPOSE of the PRIVACY ACT:<br />
BALANCE GOVERNMENT’S NEED TO<br />
MAINTAIN INFORMATION<br />
WITH<br />
THE RIGHTS OF INDIVIDUALS<br />
TO BE PROTECTED AGAINST THE<br />
UNWARRANTED INVASION OF THEIR<br />
PRIVACY<br />
6/23/2011 11<br />
FOUR BASIC POLICY OBJECTIVES<br />
1. RESTRICT DISCLOSURE (No<br />
Disclosure Without Consent)<br />
2. GRANT INDIVIDUALS INCREASED<br />
RIGHTS OF ACCESS<br />
3. GRANT INDIVIDUALS RIGHT TO SEEK<br />
AMENDMENT OF AGENCY RECORDS<br />
4. ESTABLISH A CODE OF<br />
“FAIR INFORMATION PRACTICES”<br />
6/23/2011 12<br />
PRIVACY ACT AND SYSTEMS OF<br />
RECORDS 4
Denise Schossler and Paul Klingenberg 6/23/2011<br />
PRIVACY ACT SYSTEM OF RECORDS<br />
OFFICIAL NAME:<br />
DOL/GOVT-1<br />
Office of Workers’ <strong>Compensation</strong> Programs,<br />
<strong>Federal</strong> Employees’ <strong>Compensation</strong> Act File<br />
REMEMBER--A DISCLOSURE MAY BE WRITTEN<br />
(MOST DISCLOSURES ARE)<br />
BUT THERE ARE ORAL DISCLOSURES AS WELL<br />
AND ALL DISCLOSURES<br />
(INCLUDING DISCLOSURES FROM AQS)<br />
ARE COVERED BY<br />
PRIVACY ACT PRINCIPLES<br />
6/23/2011 13<br />
PRIVACY ACT—CRIMINAL<br />
CRIMINAL<br />
PENALTIES (INDIVIDUALS)<br />
1. FEDERAL EMPLOYEE DISCLOSURE OF<br />
INFORMATION PROHIBITED FROM DISCLOSURE<br />
2. FEDERAL EMPLOYEE WILLFULLY<br />
MAINTAINS A SYSTEM OF RECORDS<br />
WITHOUT MEETING NOTICE REQUIREMENTS<br />
3. ANYONE, INCLUDING A FEDERAL EMPLOYEE,<br />
REQUESTS OR OBTAINS ANY RECORD UNDER<br />
FALSE PRETENSES<br />
--(all three)--MISDEMEANOR, FINE NOT > $5,000<br />
6/23/2011 14<br />
PRIVACY ACT<br />
• These provisions are solely criminal, and<br />
create no private right of action against a<br />
federal employee individually<br />
• In other words, if <strong>you</strong> violate an individual’s<br />
privacy, the individual can only sue the<br />
government<br />
BUT THE GOVERNMENT CAN<br />
PROSECUTE YOU<br />
6/23/2011 15<br />
PRIVACY ACT AND SYSTEMS OF<br />
RECORDS 5
Denise Schossler and Paul Klingenberg 6/23/2011<br />
PRIVACY ACT—CIVIL CIVIL REMEDIES<br />
CIVIL REMEDIES—AMENDMENT, ACCESS,<br />
ACCURACY, & OTHER DAMAGES<br />
SUIT IS AGAINST FEDERAL AGENCY ONLY—<br />
INDIVIDUAL FEDERAL EMPLOYEE IS NOT<br />
ABLE TO BE SUED FOR MONEY DAMAGES<br />
UNDER THE PRIVACY ACT<br />
6/23/2011 16<br />
SYSTEMS OF RECORDS<br />
WORKERS’ COMPENSATION<br />
RECORDS BELONG TO DOL,<br />
AND DOL ONLY<br />
ANY RECORDS THE EMPLOYING<br />
AGENCY HAS, INCLUDING<br />
COPIES, BELONG TO DOL<br />
6/23/2011 17<br />
PRIVACY ACT<br />
WHAT DOES THAT MEAN<br />
ANY RECORDS THE AGENCY HAS<br />
BELONG TO DOL, AND CAN ONLY BE<br />
RELEASED IN ACCORDANCE WITH<br />
DOL’S PUBLISHED ROUTINE USES,<br />
AND WITH DOL’S INTERPRETATION<br />
6/23/2011 18<br />
PRIVACY ACT AND SYSTEMS OF<br />
RECORDS 6
Denise Schossler and Paul Klingenberg 6/23/2011<br />
SYSTEMS OF RECORDS<br />
WHAT ARE DOL’S PUBLISHED ROUTINE USES<br />
In addition to the 12 universal routine uses that<br />
apply to all DOL systems of records, there are 16 of<br />
them in DOL/GOVT-1<br />
Examples:<br />
- third party in a third party action<br />
- employing agency at time of<br />
injury to verify billing, check status<br />
of claim, consider rehire, etc.<br />
- potential employers for return to<br />
work consideration<br />
6/23/2011 19<br />
SYSTEMS OF RECORDS<br />
- Rehab agencies for evaluation<br />
- Physicians for use in treatment<br />
- Health insurance or medical/welfare plans for<br />
clarification of billing responsibility<br />
- Labor union acting on behalf<br />
of the employee<br />
- dual benefits issues<br />
6/23/2011 20<br />
Distinguish Between “Right of Access”<br />
Disclosures and “Routine Use” Disclosures<br />
• Disclosure to the subject of the record (the FECA<br />
claimant), while appropriate, authorized, and<br />
required by 5 U.S.C. § 552a(d)(1) (individual’s<br />
right of access), is not a disclosure pursuant to a<br />
routine use<br />
• Examples of routine use disclosures:<br />
–Example—routine use e of DOL/GOVT-1 authorizes<br />
release of FECA file information to physicians treating<br />
or examining a FECA claimant<br />
– Another example—routine use o allows release of<br />
FECA file information to a Member of Congress in<br />
response to a request for assistance to a claimant<br />
6/23/2011 21<br />
PRIVACY ACT AND SYSTEMS OF<br />
RECORDS 7
Denise Schossler and Paul Klingenberg 6/23/2011<br />
SYSTEMS OF RECORDS<br />
SO…WHAT DOES THIS MEAN<br />
Think It Through …<br />
WORKERS’ COMP DATA CAN<br />
BE RELEASED ONLY FOR THE<br />
ROUTINE USES ESTABLISHED<br />
BY DOL<br />
6/23/2011 22<br />
WHEN YOU RELEASE DATA, YOU CAN<br />
RELEASE ONLY THAT PART OF THE<br />
RECORD THAT IS NECESSARY TO MEET<br />
THE ROUTINE USE<br />
IT IS A VIOLATION OF THE PRIVACY ACT IF<br />
YOU GIVE ANY INFORMATION NOT<br />
COVERED BY THE ROUTINE USES TO<br />
ANYONE<br />
WHEN IN DOUBT, CALL OWCP<br />
6/23/2011 23<br />
Personally Identifiable Information (PII)<br />
The department defines PII as information<br />
“whose disclosure could result in harm to the<br />
individual whose name or identity is linked to that<br />
information. Examples include, but are not limited to,<br />
social security number; credit card number; bank<br />
account number; residential address; residential or<br />
personal telephone; biometric identifier (image,<br />
fingerprint, iris, etc.); date of birth; mother’s maiden<br />
name; criminal records; medical records; and<br />
financial records. The conjunction of one data<br />
element with one or more additional elements<br />
increases the level of sensitivity and/or propensity to<br />
cause harm in the event of compromise.”<br />
6/23/2011 24<br />
PRIVACY ACT AND SYSTEMS OF<br />
RECORDS 8
Denise Schossler and Paul Klingenberg 6/23/2011<br />
WHAT WOULD YOU DO<br />
•SECURITY OFFICE<br />
•UNION REPRESENTATIVE<br />
•EEO INVESTIGATOR<br />
•BUDGET OFFICE<br />
•ATTORNEY IN A THIRD PARTY<br />
ACTION<br />
6/23/2011 25<br />
WHAT WOULD YOU DO<br />
•AGENCY SAFETY AND HEALTH<br />
MANAGER<br />
•OFFICE OF INSPECTOR GENERAL<br />
•AGENCY ATTORNEY<br />
6/23/2011 26<br />
DISCLOSURE<br />
YES/NO<br />
• EMPLOYING AGENCY<br />
–OIG—YES<br />
(IF INVESTIGATING FECA FRAUD)<br />
– INJURY COMP—YES<br />
– SECURITY OFFICE—YES<br />
YES, with limitations<br />
– SUPERVISOR—YES<br />
YES, IF RTW, and with limitations<br />
– EEO INVESTIGATOR—NO<br />
NO (with PA WAIVER, YES)<br />
– PERSONNEL ACTION—NONO<br />
– AGENCY ATTORNEY—NONO (if assisting agency with FECA<br />
case itself, YES)<br />
– BUDGET OFFICE—YES, summary information only<br />
– SAFETY AND HEALTH—YES, with limitations<br />
– UNION REPRESENTATIVE—YES<br />
YES, but only if representing<br />
claimant before OWCP<br />
6/23/2011 27<br />
PRIVACY ACT AND SYSTEMS OF<br />
RECORDS 9
Denise Schossler and Paul Klingenberg 6/23/2011<br />
“YES” DOES NOT MEAN<br />
UNQUALIFIED YES<br />
• It is important to remember that, unless <strong>you</strong> have<br />
a Privacy Act waiver signed by the FECA<br />
claimant, or are responding to a first person<br />
request by the claimant,<br />
• <strong>you</strong> always must confirm that the expected use of<br />
the information is compatible with the routine use,<br />
and<br />
• <strong>you</strong> disclose the least amount of information<br />
necessary for the recipient’s anticipated use.<br />
6/23/2011 28<br />
Privacy Act/FECA References<br />
• Main DOL Privacy Act Systems Page<br />
http://www.<strong>do</strong>l.gov/sol/privacy/main.htm<br />
• DOL/GOVT-1 Systems Notice<br />
http://www.<strong>do</strong>l.gov/sol/privacy/<strong>do</strong>l-govt-1.htm<br />
• DOL Universal Routine Uses<br />
http://www.<strong>do</strong>l.gov/sol/privacy/intro.htm<br />
• DOL’s assertion of control<br />
http://www.<strong>do</strong>l.gov/sol/privacy/gov-wide.htmwide.htm<br />
• 20 C.F.R. § 10.10-10.1310.13<br />
http://e<strong>do</strong>cket.access.gpo.gov/cfr_2010/aprqtr/pdf/2<br />
0cfr10.10.pdf<br />
6/23/2011 29<br />
CONTACT INFO<br />
PAUL J. KLINGENBERG<br />
202-693-5320<br />
klingenberg.paul@<strong>do</strong>l.gov (email)<br />
6/23/2011 30<br />
PRIVACY ACT AND SYSTEMS OF<br />
RECORDS 10