Occupational Safety and Health Act

In 1971, Congress passed the Occupational Safety and Health Act to ensure worker and workplace safety. Their goal was to ensure that employers provide their employees with a workplace free from recognized hazards to safety and health, for instance, exposure to toxic chemicals, excessive noise levels, mechanical dangers, heat or cold stress, or unsanitary conditions.

To establish standards for workplace health and safety, the OSHA created the National Institute for Occupational Safety and Health (NIOSH) as the research institution for the Occupational Safety and Health Administration (OSHA). OSHA represents a division of the US Department of Labor that oversees the administration of the Act and enforces standards in all fifty states.

A closer look at the Act

The Occupational Safety and Health Act was enacted to “assure safe and healthful working conditions for working men and women.”

While the Occupational Safety and Health Act is administered through the Department of Labor, many states have their own occupational health and safety laws. Generally, the federal Act requires employers to:

  • Allow OSHA inspections without notice or as a result of an employee complaint.
  • Provide workers with information on OSHA protection, via workplace posters and other notifications.
  • Provide workers with information on identifying hazardous substances in the workplace and training on how to treat injuries from these substances.
  • Provide workers with information on first aid procedures, and protection against blood-borne pathogens in the workplace.
  • Provide workers with training on how to deal with fires and other emergencies.

The Act also requires that employers do not take action against employees who file complaints alleging violations of the Act.

“Privacy Concern” Cases

The OSHA explains to employers that there are certain record-keeping situations which would be considered “privacy concern” cases. In such situations, employers are prohibited from including the employee’s name on the records or forms for privacy reasons. Instead, they are instructed to enter “privacy case” in the space normally reserved for the individual’s name. This is done to protect the privacy of the injured or ill employee when another employee, a former employee, or an authorized employee representative is provided access to the log.

Employers are also required to keep a separate, confidential list of the case numbers and employee names for privacy concern cases so they can update the cases and provide the information to the government, if required.

In order to determine if an injury or illness would be considered a “privacy concern” case, employers are asked to consider the following:

  • An injury/illness to an intimate body part or the reproductive system
  • An injury/illness resulting from sexual assault
  • Mental illness
  • HIV infection, hepatitis, or tuberculosis
  • Needlestick injuries and cuts from sharp objects that are contaminated with another person’s blood or other potentially infectious material
  • Other illnesses, if the employee voluntarily requests that his/her name not be entered on the log


US federal agencies are legally required to ensure the protection of personally identifiable information (PII) they collect, store and transmit. This article takes a look at the Occupational Safety and Health Act and how the Occupational Safety and Health Administration (OSHA) deals with privacy issues.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/United States (CIPP/US) exam,  a privacy professional should be comfortable with topics related to this post, including:

  • US agencies regulating workplace privacy issues – Occupational Safety and Health Act (IV.A.b.v.)

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>