29 CFR § 2400.3 - Delegation of authority.
(a) The Chairman shall designate an OSHRC employee as the Privacy Officer, and shall delegate to the Privacy Officer the authority to ensure agency-wide compliance with this part.
(b) Custodians of the systems of records are responsible for the following:
(1) Adhering to this part within their respective units and, in particular, collecting, using and disclosing records, and affording individuals the right to inspect, obtain copies of and correct records concerning them;
(2) Reporting the existence of systems of records, changes to the contents of those systems and changes of routine use to the Privacy Officer, and also establishing the relevancy of records within those systems; and
(3) Maintaining an accurate accounting of each disclosure in conformance with § 2400.4(c) of this part.