The purpose of this part is to provide procedures to implement the Privacy Act of 1974 for records maintained by the Occupational Safety and Health Review Commission (OSHRC). Requirement in 2400.1 explicitly states that these procedures apply to records maintained by the Commission and to systems of records operated by an entity on behalf of OSHRC pursuant to a contract to accomplish an agency function.
These procedures cover records that are maintained by the Occupational Safety and Health Review Commission (OSHRC). Requirement in 2400.1 limits applicability to records maintained by the Commission (including contract-operated systems of records run on behalf of OSHRC).
Yes — systems of records run by contractors on behalf of OSHRC are covered when they operate the records pursuant to a contract to accomplish an agency function. Requirement in 2400.1 states that the part "includes all systems of records operated by an entity on behalf of OSHRC, pursuant to a contract, to accomplish an agency function."
No — contractors that qualify as consumer reporting agencies are excluded from coverage when a record is disclosed to them under 31 U.S.C. 3711(e). Requirement in 2400.1 specifically says such contractors do not include any consumer reporting agency to which a record is disclosed under 31 U.S.C. 3711(e).
No — this part does not affect discovery in adversary proceedings before the Commission. Requirement in 2400.1 explains that discovery is governed by the Commission’s Rules of Procedure in 29 CFR part 2200, subpart D, not by these Privacy Act procedures.
A contractor becomes subject when it operates a system of records on behalf of OSHRC pursuant to a contract to accomplish an agency function. Requirement in 2400.1 makes contractor-operated systems part of the scope when they are operated under such contracts.
Yes — cloud-hosted records are covered if the cloud provider is operating a system of records on behalf of OSHRC under a contract to accomplish an agency function. Requirement in 2400.1 includes all systems of records operated by an entity on behalf of OSHRC pursuant to a contract.
No — the part applies only to records maintained by the Occupational Safety and Health Review Commission. Requirement in 2400.1 clearly limits applicability to records that are maintained by the Commission.
The official procedures are contained in Part 2400 of the regulations; see the section titled "Purpose and scope" for the applicability rules. Part 2400 and 2400.1 provide the governing statement about which records and systems are covered.
No — the part does not override the Commission’s discovery rules. Requirement in 2400.1 states this part does not affect discovery in adversary proceedings; discovery remains governed by the Commission’s Rules of Procedure in 29 CFR part 2200, subpart D.
These procedures implement the Privacy Act of 1974 (5 U.S.C. 552a) for records maintained by OSHRC. Requirement in 2400.1 states the part provides procedures to implement the Privacy Act of 1974.
No — if the vendor is a consumer reporting agency receiving records under 31 U.S.C. 3711(e), the vendor is not treated as a contractor covered by this part. Requirement in 2400.1 explicitly excludes such consumer reporting agencies from the definition of contractors covered by the part.