{"description":"Documents matching 'breach compliance'","count":7060,"total_pages":50,"next_page_url":"https://www.federalregister.gov/api/v1/documents?conditions%5Bterm%5D=breach+compliance&format=json&page=2","results":[{"title":"Health Breach Notification Rule","type":"Rule","abstract":"The Federal Trade Commission (\"FTC\" or \"Commission\") is amending the Commission's Health Breach Notification Rule (the \"HBN Rule\" or the \"Rule\"). The HBN Rule requires vendors of personal health records (\"PHRs\") and related entities that are not covered by the Health Insurance Portability and Accountability Act (\"HIPAA\") to notify individuals, the FTC, and, in some cases, the media of a breach of unsecured personally identifiable health data.","document_number":"2024-10855","html_url":"https://www.federalregister.gov/documents/2024/05/30/2024-10855/health-breach-notification-rule","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-05-30/pdf/2024-10855.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-10855.pdf?1716986712","publication_date":"2024-05-30","agencies":[{"raw_name":"FEDERAL TRADE COMMISSION","name":"Federal Trade Commission","id":192,"url":"https://www.federalregister.gov/agencies/federal-trade-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/192","parent_id":null,"slug":"federal-trade-commission"}],"excerpts":"2013 to 739 <span class=\"match\">breaches</span> in 2023. \n See <span class=\"match\">Breach</span> Portal, \n U.S. Dep't of Health &amp; Human Servs., Office for Civil Rights, \n https://ocrportal.hhs.gov/ocr/<span class=\"match\">breach</span>/breach_report.jsf \n (last visited March 1, 2024). The data was downloaded on March 1, 2024, resulting in limited data for 2024. Thus, <span class=\"match\">breaches</span> from 2024 were excluded from the calculations. However, <span class=\"match\">breach</span> investigations that remain open (under investigation) from years prior to 2024 are included in the count of yearly <span class=\"match\">breaches</span>.\n \n \n \n Specifically, HHS's OCR reported 715 <span class=\"match\">breaches</span> in 2021, 719"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974, as amended, the Department of Health and Human Services (HHS) is partially modifying an existing system of records maintained by the Office for Civil Rights (OCR), \"Program Information Management System (PIMS),\" System No. 09- 90-0052. The modifications include changing the system of records name to \"HHS Civil Rights and Health Information Privacy Program Records\" and affect only certain sections of the System of Records Notice (SORN), so HHS is not republishing the SORN in full. The system of records contains records about individual members of the public who submit or are named or otherwise involved in civil rights, conscience and religious freedom, and health information privacy-related complaints received by and compliance reviews conducted by OCR, and individuals who submit reports to OCR about breaches of unsecured protected health information (PHI) experienced by covered entities and business associates subject to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Breach Notification, and Enforcement Rules. OCR is modifying it to include information that programs subject to 42 CFR part 2 (\"Part 2\") (and, as applicable, a qualified service organization on a Part 2 program's behalf) report to the Secretary with respect to a breach of unsecured substance use disorder (SUD) patient records maintained by a Part 2 program (\"Part 2 records\") and complaints and compliance reviews involving potential violations of Part 2.","document_number":"2026-03003","html_url":"https://www.federalregister.gov/documents/2026/02/17/2026-03003/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-02-17/pdf/2026-03003.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-03003.pdf?1770930912","publication_date":"2026-02-17","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"}],"excerpts":"requirements governing confidentiality of SUD patient records through, among other activities, conducting complaint investigations and <span class=\"match\">compliance</span> reviews and collecting (and publicly posting, as applicable) reports of <span class=\"match\">breaches</span> of unsecured Part 2 records. A Part 2 <span class=\"match\">breach</span> report form approved by OMB for collection of information will be accessible from OCR's website at \n https://www.hhs.gov/hipaa/for-professionals/<span class=\"match\">breach</span>-notification/index.html. \n This form must be filed through the HHS website. A Part 2 complaint form approved by OMB for collection"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"The Privacy Act of 1974 and Office of Management and Budget (OMB) Circular No. A-108 require that each agency publish notice of a new or modified system of records that it maintains. In compliance with Executive Order 14249, Protecting America's Bank Account Against Fraud, Waste, and Abuse, and Office of Management and Budget Memorandum M-25- 32, Preventing Improper Payments and Protecting Privacy Through Do Not Pay, the Department of Labor (DOL) is modifying eight Privacy Act systems of records by adding a new routine use to permit the disclosure of records to the Department of the Treasury. Additionally, in accordance with Office of Management and Budget Memorandum M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information, DOL is adding two model routine uses to the eight systems of records to permit the disclosure of records in response to a breach.","document_number":"2026-07740","html_url":"https://www.federalregister.gov/documents/2026/04/21/2026-07740/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-04-21/pdf/2026-07740.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-07740.pdf?1776689114","publication_date":"2026-04-21","agencies":[{"raw_name":"DEPARTMENT OF LABOR","name":"Labor Department","id":271,"url":"https://www.federalregister.gov/agencies/labor-department","json_url":"https://www.federalregister.gov/api/v1/agencies/271","parent_id":null,"slug":"labor-department"}],"excerpts":"eight SORNs two model routine uses in OMB Memorandum M-17-12, Preparing for and Responding to a <span class=\"match\">Breach</span> of Personally Identifiable Information, for Federal agencies to prepare for and respond to a <span class=\"match\">breach</span> of personally identifiable information (PII). One permits the disclosure of information related to <span class=\"match\">breaches</span> of an agency's own records, and the second permits the disclosure of agency records to assist other agencies in their efforts to respond to a <span class=\"match\">breach</span>. To date, DOL has been adding these routine uses to individual \n \n SORNs when they otherwise require"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974 and in compliance with Executive Order 14249, Protecting America's Bank Account Against Fraud, Waste, and Abuse, and Office of Management and Budget Memorandum M-25-32, Preventing Improper Payments and Protecting Privacy Through Do Not Pay, the Commodity Futures Trading Commission (CFTC or Commission) is modifying four Privacy Act systems of records by adding a new routine use to permit the disclosure of records to the Department of the Treasury. In addition, in accordance with Office of Management and Budget Memorandum M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information, the CFTC is adding routine uses to three of those systems of records to permit the disclosure of records in response to a breach. These modified systems of records will be included in the CFTC's inventory of record systems.","document_number":"2025-21510","html_url":"https://www.federalregister.gov/documents/2025/11/28/2025-21510/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-11-28/pdf/2025-21510.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-21510.pdf?1764164735","publication_date":"2025-11-28","agencies":[{"raw_name":"COMMODITY FUTURES TRADING COMMISSION","name":"Commodity Futures Trading Commission","id":77,"url":"https://www.federalregister.gov/agencies/commodity-futures-trading-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/77","parent_id":null,"slug":"commodity-futures-trading-commission"}],"excerpts":"additional routine uses to permit disclosure of records in the context of a <span class=\"match\">breach</span> to three of those SORNs: \n • CFTC-5 Employee Personnel, Payroll, Time and Attendance \n • CFTC-6 Employee Travel and Transportation Records \n • CFTC-49 Whistleblower Records \n \n Office of Management and Budget Memorandum M-17-12, \n Preparing for and Responding to a <span class=\"match\">Breach</span> of Personally Identifiable Information, \n (OMB M-17-12) sets forth the policy for Federal agencies to prepare for and respond to a <span class=\"match\">breach</span> of personally identifiable information (PII). It established two model"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"The purpose of this notice is to meet the requirement of M-17- 12 requiring agencies to include two mandatory routine uses in all agency System of Records Notices (SORN) to facilitate information sharing in responding to breaches. The amended list of routine uses is consistent with requirements in a memorandum issued by the Office of Management and Budget (OMB) on January 3, 2017. The memorandum requires that all Federal agencies publish two routine uses for their systems allowing for the disclosure of personally identifiable information to the appropriate parties in the course of responding to a breach or suspected breach of the agency's PII or to assist another agency in its response to a confirmed or suspected breach.","document_number":"2025-14003","html_url":"https://www.federalregister.gov/documents/2025/07/25/2025-14003/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-07-25/pdf/2025-14003.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-14003.pdf?1753361109","publication_date":"2025-07-25","agencies":[{"raw_name":"SELECTIVE SERVICE SYSTEM","name":"Selective Service System","id":467,"url":"https://www.federalregister.gov/agencies/selective-service-system","json_url":"https://www.federalregister.gov/api/v1/agencies/467","parent_id":null,"slug":"selective-service-system"}],"excerpts":"(Memorandum M-17-12 “Preparing for and Responding to a <span class=\"match\">Breach</span> of Personally Identifiable Information”). OMB's memorandum requires that all Federal agencies publish two routine uses for their systems allowing for the disclosure of personally identifiable information to the appropriate parties in the course of responding to a <span class=\"match\">breach</span> or suspected <span class=\"match\">breach</span> of the agency's PII or to assist another agency in its response to a confirmed or suspected <span class=\"match\">breach</span>. \n \n SYSTEM NAME(S) AND NUMBER(S): \n (1) Registration, <span class=\"match\">Compliance</span> and Verification (RCV), SSS-19. (2) Integrated"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"The Privacy Act of 1974 and Office of Management and Budget (OMB) Circular No. A-108 require that each agency publish notice of a new or modified system of records that it maintains. DOL/GOVT-1, Office of Workers' Compensation Programs, Federal Employees' Compensation Act File is a system of records that contains all records relating to injury or death of civilian employees or other persons entitled to benefits under the Federal Employees' Compensation Act. In compliance with Executive Order 14249, Protecting America's Bank Account Against Fraud, Waste, and Abuse, and Office of Management and Budget Memorandum M-25-32, Preventing Improper Payments and Protecting Privacy Through Do Not Pay, the Department of Labor (DOL) is modifying DOL/GOVT-1 by adding a new routine use to permit the disclosure of records to the U.S. Department of the Treasury. Additionally, in accordance with Office of Management and Budget Memorandum M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information, DOL is adding two model routine uses to the system of records to permit the disclosure of records in response to a breach.","document_number":"2026-09081","html_url":"https://www.federalregister.gov/documents/2026/05/07/2026-09081/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-05-07/pdf/2026-09081.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-09081.pdf?1778071529","publication_date":"2026-05-07","agencies":[{"raw_name":"DEPARTMENT OF LABOR","name":"Labor Department","id":271,"url":"https://www.federalregister.gov/agencies/labor-department","json_url":"https://www.federalregister.gov/api/v1/agencies/271","parent_id":null,"slug":"labor-department"}],"excerpts":"of records two model routine uses from OMB Memorandum M-17-12, Preparing for and Responding to a <span class=\"match\">Breach</span> of Personally Identifiable Information, for Federal agencies to prepare for and respond to a <span class=\"match\">breach</span> of personally identifiable information. One permits the disclosure of information related to <span class=\"match\">breaches</span> of an agency's own records, and the second permits the disclosure of agency records to assist other agencies in their efforts to respond to a <span class=\"match\">breach</span>. To date, DOL has been adding these routine uses to individual SORNs when they otherwise require"},{"title":"Data Breach Reporting Requirements","type":"Rule","abstract":"In this document, the Federal Communications Commission (Commission) modifies the Commission's data breach notification rules to better ensure that providers of telecommunications, interconnected Voice over Internet Protocol (VoIP), and telecommunications relay services (TRS) are held accountable in their obligations to safeguard sensitive customer information, and to provide customers with the tools needed to protect themselves in the event that their data is compromised.","document_number":"2024-01667","html_url":"https://www.federalregister.gov/documents/2024/02/12/2024-01667/data-breach-reporting-requirements","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-02-12/pdf/2024-01667.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-01667.pdf?1707486318","publication_date":"2024-02-12","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"to report <span class=\"match\">breaches</span> of such information. The Commission concludes that carriers should be obligated to comply with its <span class=\"match\">breach</span> notification rule whenever such information is the subject of a <span class=\"match\">breach</span>, whether or not the information is CPNI.\n \n \n 4. The pervasiveness of data <span class=\"match\">breaches</span> and the frequency of <span class=\"match\">breach</span> notifications have evolved and increased since the Commission first adopted its <span class=\"match\">breach</span> notification rule in 2007. As discussed in the \n Data <span class=\"match\">Breach</span> Notice, \n the Commission's requirement is one of several sector-specific Federal <span class=\"match\">breach</span> notification"},{"title":"Summary of Commission Practice Relating to Administrative Protective Orders","type":"Notice","abstract":"Since February 1991, the U.S. International Trade Commission (\"Commission\") has published in the Federal Register reports on the status of its practice with respect to breaches of its administrative protective orders (\"APOs\") under title VII of the Tariff Act of 1930 in response to a direction contained in the Conference Report to the Customs and Trade Act of 1990. Over time, the Commission has added to its report discussions of APO breaches in Commission proceedings other than under title VII and violations of the Commission's rules, including the rule on bracketing business proprietary information (the \"24-hour rule\") title 19 of the Code of Federal Regulations. This notice provides a summary of APO breach investigations completed during fiscal year 2024. This summary addresses APO breach investigations related to proceedings under both title VII and section 337 of the Tariff Act of 1930. The Commission intends for this summary to inform representatives of parties to Commission proceedings of the specific types of APO breaches before the Commission and the corresponding types of actions that the Commission has taken.","document_number":"2024-30518","html_url":"https://www.federalregister.gov/documents/2024/12/23/2024-30518/summary-of-commission-practice-relating-to-administrative-protective-orders","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-12-23/pdf/2024-30518.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-30518.pdf?1734702328","publication_date":"2024-12-23","agencies":[{"raw_name":"INTERNATIONAL TRADE COMMISSION","name":"International Trade Commission","id":262,"url":"https://www.federalregister.gov/agencies/international-trade-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/262","parent_id":null,"slug":"international-trade-commission"}],"excerpts":"determining whether to issue a sanction for the <span class=\"match\">breach</span>, the Commission considered the following mitigating factors: (1) all three <span class=\"match\">breaches</span> were inadvertent and unintentional; (2) the <span class=\"match\">breaching</span> party took prompt action to remedy the third <span class=\"match\">breach</span> and prevent further dissemination of BPI; (3) the <span class=\"match\">breaching</span> party implemented new procedures to prevent against similar <span class=\"match\">breaches</span> in the future; and (4) the individual involved had not previously <span class=\"match\">breached</span> an APO in the two-year period preceding the dates of these <span class=\"match\">breaches</span>. The Commission also considered the following"},{"title":"HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information","type":"Proposed Rule","abstract":"The Department of Health and Human Services (HHS or \"Department\") is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Security Standards for the Protection of Electronic Protected Health Information (\"Security Rule\") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The proposed modifications would revise existing standards to better protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). The proposals in this NPRM would increase the cybersecurity for ePHI by revising the Security Rule to address: changes in the environment in which health care is provided; significant increases in breaches and cyberattacks; common deficiencies the Office for Civil Rights has observed in investigations into Security Rule compliance by covered entities and their business associates (collectively, \"regulated entities\"); other cybersecurity guidelines, best practices, methodologies, procedures, and processes; and court decisions that affect enforcement of the Security Rule.","document_number":"2024-30983","html_url":"https://www.federalregister.gov/documents/2025/01/06/2024-30983/hipaa-security-rule-to-strengthen-the-cybersecurity-of-electronic-protected-health-information","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-06/pdf/2024-30983.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-30983.pdf?1735334119","publication_date":"2025-01-06","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"individuals were affected by <span class=\"match\">breaches</span> involving the PHI of 500 or more individuals—a new record. We anticipate that 2024 will surpass that record, particularly in light of the estimate provided by a large covered entity regarding the number of individuals affected by a <span class=\"match\">breach</span> of its subsidiary.\n 214 \n \n \n \n \n 211 \n  \n See \n “<span class=\"match\">Breach</span> Portal: Notice to the Secretary of HHS <span class=\"match\">Breach</span> of Unsecured Protected Health Information,” \n supra \n note 10.\n \n \n \n \n 212 \n  \n Id. \n \n \n \n \n 213 \n  “Annual Report to Congress on <span class=\"match\">Breaches</span> of Unsecured Protected Health"},{"title":"Public Charge Ground of Inadmissibility","type":"Proposed Rule","abstract":"DHS proposes to rescind the 2022 public charge ground of inadmissibility regulations. The 2022 regulations are not the best implementation of the statute, inconsistent with congressional intent, unduly restrictive, and hamper DHS's ability to make accurate, precise, and reliable determinations of whether certain aliens are likely at any time to become a public charge. Rescission would restore broader discretion to evaluate all pertinent facts and align with long-standing policy that aliens in the United States should be self-reliant and government benefits should not incentivize immigration. DHS also proposes to address the breach and cancellation of public charge bonds.","document_number":"2025-20278","html_url":"https://www.federalregister.gov/documents/2025/11/19/2025-20278/public-charge-ground-of-inadmissibility","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-11-19/pdf/2025-20278.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-20278.pdf?1763414113","publication_date":"2025-11-19","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"}],"excerpts":"Amendments and Removals in the NPRM \n 1. Proposed Amendments to Cancellation and <span class=\"match\">Breach</span> of Public Charge Bonds Provisions—8 CFR 103.6(c) \n DHS proposes to amend its regulations governing the cancellation and <span class=\"match\">breach</span> of public charge bonds at 8 CFR 103.6(c)(1) to reflect the rescission of 8 CFR 212.21 as well as to more fully address when a public charge bond will be considered <span class=\"match\">breached</span>, and to explicitly address administrative appeals from a determination that the alien <span class=\"match\">breached</span> a bond. \n Under the proposed 8 CFR 103.6(c)(1)(A), a public charge bond posted"},{"title":"Voluntary Fiduciary Correction Program","type":"Rule","abstract":"This document contains an amended and restated Voluntary Fiduciary Correction Program (VFC Program or Program) under title I of the Employee Retirement Income Security Act of 1974, as amended (ERISA). The VFC Program is designed to encourage correction of fiduciary breaches and compliance with the law by permitting persons to avoid potential Department of Labor civil enforcement actions and civil penalties if they voluntarily correct eligible transactions in a manner that meets the requirements of the Program. The amendments to the Program simplify and expand the VFC Program to make the Program easier to use and more useful for employers and others who wish to avail themselves of the relief provided. Specifically, the Program amendments add a self-correction feature for delinquent transmittal of participant contributions and loan repayments to a pension plan under certain circumstances; clarify some existing transactions eligible for correction under the Program; expand the scope of other transactions currently eligible for correction; and simplify certain administrative or procedural requirements for participation in and correction of transactions under the VFC Program. In addition, the amendments implement section 305(b)(2) and (3) of the SECURE 2.0 Act of 2022 (SECURE 2.0 Act) by adding a self-correction feature for certain participant loan failures self-corrected under the Internal Revenue Service's Employee Plans Compliance Resolution System (as described in Rev. Proc. 2021-30, or any successor guidance) (IRS's EPCRS).","document_number":"2025-00327","html_url":"https://www.federalregister.gov/documents/2025/01/15/2025-00327/voluntary-fiduciary-correction-program","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-15/pdf/2025-00327.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-00327.pdf?1736862323","publication_date":"2025-01-15","agencies":[{"raw_name":"DEPARTMENT OF LABOR","name":"Labor Department","id":271,"url":"https://www.federalregister.gov/agencies/labor-department","json_url":"https://www.federalregister.gov/api/v1/agencies/271","parent_id":null,"slug":"labor-department"},{"raw_name":"Employee Benefits Security Administration","name":"Employee Benefits Security Administration","id":131,"url":"https://www.federalregister.gov/agencies/employee-benefits-security-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/131","parent_id":271,"slug":"employee-benefits-security-administration"}],"excerpts":"provides that a fiduciary who <span class=\"match\">breaches</span> any of these responsibilities shall be personally liable to make good to the plan any losses to the plan resulting from each <span class=\"match\">breach</span> and to restore to the plan any profits the fiduciary made through the use of the plan's assets. Section 405 of ERISA provides that a fiduciary may be liable, under certain circumstances, for a <span class=\"match\">breach</span> of fiduciary responsibility by a co-fiduciary. In addition, under certain circumstances, there may be liability for knowing participation in a fiduciary <span class=\"match\">breach</span>. In order to assist all affected"},{"title":"Health Breach Notification Rule","type":"Proposed Rule","abstract":"The Federal Trade Commission (\"FTC\" or \"Commission\") proposes to amend the Commission's Health Breach Notification Rule (the \"HBN Rule\" or the \"Rule\") and requests public comment on the proposed changes. The HBN Rule requires vendors of personal health records (\"PHRs\") and related entities that are not covered by the Health Insurance Portability and Accountability Act (\"HIPAA\") to notify individuals, the FTC, and, in some cases, the media of a breach of unsecured personally identifiable health data.","document_number":"2023-12148","html_url":"https://www.federalregister.gov/documents/2023/06/09/2023-12148/health-breach-notification-rule","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-06-09/pdf/2023-12148.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-12148.pdf?1686228316","publication_date":"2023-06-09","agencies":[{"raw_name":"FEDERAL TRADE COMMISSION","name":"Federal Trade Commission","id":192,"url":"https://www.federalregister.gov/agencies/federal-trade-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/192","parent_id":null,"slug":"federal-trade-commission"}],"excerpts":"number of individuals affected per <span class=\"match\">breach</span> is 62,402.\n 100 \n \n Given an estimated 71 <span class=\"match\">breaches</span> per year, FTC staff estimates an average of 4,430,542 consumers per year will receive a <span class=\"match\">breach</span> notification (71 <span class=\"match\">breaches</span> × 62,402 individuals per <span class=\"match\">breach</span>).\n \n \n \n 100 \n  HHS <span class=\"match\">Breach</span> Data, \n supra \n note 96 (mean of Individuals Affected during <span class=\"match\">breaches</span> 2017-2022). This analysis uses the last six years of HHS <span class=\"match\">breach</span> data to generate the average, in order to account for the variation in number of individuals affected by <span class=\"match\">breaches</span> observed in the HHS data over time"},{"title":"Prohibited Transaction Exemption (PTE) 2002-51 To Permit Certain Transactions Identified in the Voluntary Fiduciary Correction Program","type":"Rule","abstract":"This document amends Prohibited Transaction Exemption 2002-51, an exemption for certain transactions identified in the Department of Labor's Voluntary Fiduciary Correction Program (VFC Program or Program). The VFC Program is designed to encourage correction of fiduciary breaches and compliance with the law by permitting persons to avoid potential Department of Labor civil enforcement actions and civil penalties if they voluntarily correct eligible transactions in a manner that meets the requirements of the Program. PTE 2002-51 is a related class exemption that allows excise tax relief from excise taxes imposed by the Internal Revenue Code of 1986, as amended, for certain eligible transactions corrected pursuant to the VFC Program. This amendment to PTE 2002-51 is being finalized in connection with the Department's amendment and restatement of the VFC Program, published elsewhere in this issue of the Federal Register (2025 VFC Program). These amendments simplify and expand the VFC Program and exemptive relief to make the Program and exemption easier to use and more useful for employers and others who wish to avail themselves of the relief provided. The amendment to PTE 2002-51 affects plans, participants and beneficiaries of such plans, and certain other persons engaging in such transactions.","document_number":"2025-00328","html_url":"https://www.federalregister.gov/documents/2025/01/15/2025-00328/prohibited-transaction-exemption-pte-2002-51-to-permit-certain-transactions-identified-in-the","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-15/pdf/2025-00328.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-00328.pdf?1736862323","publication_date":"2025-01-15","agencies":[{"raw_name":"DEPARTMENT OF LABOR","name":"Labor Department","id":271,"url":"https://www.federalregister.gov/agencies/labor-department","json_url":"https://www.federalregister.gov/api/v1/agencies/271","parent_id":null,"slug":"labor-department"},{"raw_name":"Employee Benefits Security Administration","name":"Employee Benefits Security Administration","id":131,"url":"https://www.federalregister.gov/agencies/employee-benefits-security-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/131","parent_id":271,"slug":"employee-benefits-security-administration"}],"excerpts":"Program. Some of the <span class=\"match\">breaches</span> that may be corrected under the VFC Program are also prohibited transactions subject to excise tax under Code section 4975. Reorganization Plan No. 4 of 1978 transferred the authority of the Secretary of Treasury to issue exemptions from the prohibited transaction provisions of Code section 4975 to the Secretary of Labor.\n 3 \n \n The exemption allows excise tax relief for certain specified <span class=\"match\">breaches</span> under the VFC Program. PTE 2002-51 is subject to several general conditions, including that the <span class=\"match\">breach</span> be appropriately corrected"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"As required by the Privacy Act of 1974 and the Office of Management and Budget (OMB) Circulars A-108 and A-130, the Department of Energy (DOE or the Department) is publishing notice of a modification to an existing Privacy Act system of records. DOE proposes to amend System of Records DOE-2 DOE-Personnel Supervisor Maintained Personnel Records. This System of Records Notice (SORN) is being modified to align with new formatting requirements, published by the OMB, and to ensure appropriate Privacy Act coverage of business processes and Privacy Act information. While there are no substantive changes to the \"Categories of Individuals\" or \"Categories of Records\" sections covered by this SORN, substantive changes have been made to the \"System Locations,\" \"Routine Uses,\" and \"Administrative, Technical and Physical Safeguards\" sections to provide greater transparency. Changes to \"Routine Uses\" include new provisions related to responding to breaches of information held under a Privacy Act SORN as required by OMB's Memorandum M-17-12, \"Preparing for and Responding to a Breach of Personally Identifiable Information\" (January 3, 2017). Language throughout the SORN has been updated to align with applicable Federal privacy laws, policies, procedures, and best practices.","document_number":"2024-23780","html_url":"https://www.federalregister.gov/documents/2024/10/16/2024-23780/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-10-16/pdf/2024-23780.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-23780.pdf?1728996319","publication_date":"2024-10-16","agencies":[{"raw_name":"DEPARTMENT OF ENERGY","name":"Energy Department","id":136,"url":"https://www.federalregister.gov/agencies/energy-department","json_url":"https://www.federalregister.gov/api/v1/agencies/136","parent_id":null,"slug":"energy-department"}],"excerpts":"replaces it with one to assist DOE with responding to a suspected or confirmed <span class=\"match\">breach</span> of its records of Personally Identifiable Information (PII), modeled with language from OMB's Memorandum M-17-12, “Preparing for and Responding to a <span class=\"match\">Breach</span> of Personally Identifiable Information” (January 3, 2017). Further, this notice adds one new routine use to ensure that DOE may assist another agency or entity in responding to the other agency's or entity's confirmed or suspected <span class=\"match\">breach</span> of PII, as appropriate, as aligned with OMB's Memorandum M-17-12. Several categories"},{"title":"Agency Information Collection Activities; Reinstatement; Customs-Trade Partnership Against Terrorism (CTPAT) and Trade Compliance","type":"Notice","abstract":"The Department of Homeland Security, U.S. Customs and Border Protection (CBP) will be submitting the following information collection request to the Office of Management and Budget (OMB) for review and approval in accordance with the Paperwork Reduction Act of 1995 (PRA). The information collection is published in the Federal Register to obtain comments from the public and affected agencies.","document_number":"2026-09216","html_url":"https://www.federalregister.gov/documents/2026/05/08/2026-09216/agency-information-collection-activities-reinstatement-customs-trade-partnership-against-terrorism","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-05-08/pdf/2026-09216.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-09216.pdf?1778157923","publication_date":"2026-05-08","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"},{"raw_name":"U.S. Customs and Border Protection","name":"U.S. Customs and Border Protection","id":501,"url":"https://www.federalregister.gov/agencies/u-s-customs-and-border-protection","json_url":"https://www.federalregister.gov/api/v1/agencies/501","parent_id":227,"slug":"u-s-customs-and-border-protection"}],"excerpts":"to apply to the CTPAT Trade <span class=\"match\">Compliance</span> component. The CTPAT Trade <span class=\"match\">Compliance</span> program strengthens security by leveraging the CTPAT supply chain requirements, identifying low-risk trade entities for supply chain security, and increasing the overall efficiency of trade by segmenting risk and processing by account. \n The CTPAT Trade <span class=\"match\">Compliance</span> program is open to U.S. and non-resident Canadian importers that have satisfied both the CTPAT supply chain security and trade <span class=\"match\">compliance</span> requirements. \n The CTPAT Trade <span class=\"match\">Compliance</span> program application includes"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974, the Department of the Treasury (\"Treasury\" or the \"Department\") proposes to establish a new Treasury system of records titled, \"Department of the Treasury, .031--Trump Accounts Program (TAP) System of Records.\" This system of records supports the Treasury's administration, oversight and compliance activities associated with Trump accounts, which are a type of traditional IRA established for the exclusive benefit of, and designed to promote long-term wealth building for, eligible American children. Records maintained in this system enable Treasury to administer and oversee program operations, ensure compliance with applicable statutory requirements, and carry out the objectives for Trump accounts.","document_number":"2026-07514","html_url":"https://www.federalregister.gov/documents/2026/04/17/2026-07514/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-04-17/pdf/2026-07514.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-07514.pdf?1776343513","publication_date":"2026-04-17","agencies":[{"raw_name":"DEPARTMENT OF THE TREASURY","name":"Treasury Department","id":497,"url":"https://www.federalregister.gov/agencies/treasury-department","json_url":"https://www.federalregister.gov/api/v1/agencies/497","parent_id":null,"slug":"treasury-department"}],"excerpts":"there has been a <span class=\"match\">breach</span> of the system of records; (2) the Department of the Treasury has determined that as a result of the suspected or confirmed <span class=\"match\">breach</span> there is a risk of harm to individuals, the Department of the Treasury (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department of the Treasury's efforts to respond to the suspected or confirmed <span class=\"match\">breach</span> or to prevent"},{"title":"Agency Information Collection Request; 60-Day Public Comment Request","type":"Notice","abstract":"In compliance with the requirement of the Paperwork Reduction Act of 1995, the Office of the Secretary (OS), Office for Civil Rights (OCR), Department of Health and Human Services (HHS), is publishing the following summary of a proposed collection for public comment.","document_number":"2025-24099","html_url":"https://www.federalregister.gov/documents/2025/12/31/2025-24099/agency-information-collection-request-60-day-public-comment-request","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-12-31/pdf/2025-24099.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-24099.pdf?1767102318","publication_date":"2025-12-31","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"}],"excerpts":"burden. \n \n Title of the Collection: \n Civil Rights and Conscience Complaint and Health Information Privacy, Security, and <span class=\"match\">Breach</span> Notification Complaint.\n \n \n Type of Collection: \n Revision.\n \n \n Abstract: \n The Office for Civil Rights (OCR) is proposing to revise OMB control number collection 0945-0002 that is expiring in December 2025, which includes two forms entitled: 1.) Health Information Privacy, Security, and <span class=\"match\">Breach</span> Notification Complaint; and 2.) Civil Rights and Conscience Complaint. This notice discusses proposed revisions to these complaint"},{"title":"Agency Information Collection Request; 30-Day Public Comment Request","type":"Notice","abstract":"In compliance with the requirement of the Paperwork Reduction Act of 1995, the Office of the Secretary, Office for Civil Rights, Department of Health and Human Services has submitted revisions to an Information Collection Request to the Office of Management and Budget (OMB) for review and approval. OMB will accept further comments from the public during the review and approval period.","document_number":"2026-04361","html_url":"https://www.federalregister.gov/documents/2026/03/05/2026-04361/agency-information-collection-request-30-day-public-comment-request","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-03-05/pdf/2026-04361.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-04361.pdf?1772631909","publication_date":"2026-03-05","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"}],"excerpts":"collection burden. \n \n Title of the Collection: \n Civil Rights and Conscience Complaint and Health Information Privacy, Security, and <span class=\"match\">Breach</span> Notification Complaint.\n \n \n Type of Collection: \n Revision.\n \n \n Abstract: \n The HHS Office for Civil Rights is requesting OMB approval of revisions of the previously approved collection 0945-0002 titled: Civil Rights and Conscience Complaint and Health Information Privacy, Security and <span class=\"match\">Breach</span> Notification Complaint. The purpose of the forms is to allow OCR to continue to collect the minimum information needed from"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"This system is a cloud-based procurement workflow management platform that allows the STB to streamline the procurement process, while ensuring policy compliance. This system maintains records related to payments made by the STB, including vendor payments and other financial disbursements.","document_number":"2026-03241","html_url":"https://www.federalregister.gov/documents/2026/02/19/2026-03241/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-02-19/pdf/2026-03241.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-03241.pdf?1771422312","publication_date":"2026-02-19","agencies":[{"raw_name":"SURFACE TRANSPORTATION BOARD","name":"Surface Transportation Board","id":481,"url":"https://www.federalregister.gov/agencies/surface-transportation-board","json_url":"https://www.federalregister.gov/api/v1/agencies/481","parent_id":null,"slug":"surface-transportation-board"}],"excerpts":"(1) STB suspects or has confirmed that there has been a <span class=\"match\">breach</span> of the systems of records, (2) STB has determined that as a result of the suspected or confirmed <span class=\"match\">breach</span> there is a risk of harm to individuals, STB (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with STB efforts to respond to the suspected or confirmed <span class=\"match\">breach</span> or to prevent, minimize, or remedy such harm; and \n g"},{"title":"Agency Information Collection Activities; Reinstatement; Customs-Trade Partnership Against Terrorism (CTPAT) and Trade Compliance","type":"Notice","abstract":"The Department of Homeland Security, U.S. Customs and Border Protection (CBP) will be submitting the following information collection request to the Office of Management and Budget (OMB) for review and approval in accordance with the Paperwork Reduction Act of 1995 (PRA). The information collection is published in the Federal Register to obtain comments from the public and affected agencies.","document_number":"2025-19231","html_url":"https://www.federalregister.gov/documents/2025/10/02/2025-19231/agency-information-collection-activities-reinstatement-customs-trade-partnership-against-terrorism","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-10-02/pdf/2025-19231.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-19231.pdf?1759322714","publication_date":"2025-10-02","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"},{"raw_name":"U.S. Customs and Border Protection","name":"U.S. Customs and Border Protection","id":501,"url":"https://www.federalregister.gov/agencies/u-s-customs-and-border-protection","json_url":"https://www.federalregister.gov/api/v1/agencies/501","parent_id":227,"slug":"u-s-customs-and-border-protection"}],"excerpts":"to apply to the CTPAT Trade <span class=\"match\">Compliance</span> component. The CTPAT Trade <span class=\"match\">Compliance</span> program strengthens security by leveraging the CTPAT supply chain requirements, identifying low-risk trade entities for supply chain security, and increasing the overall efficiency of trade by segmenting risk and processing by account. \n The CTPAT Trade <span class=\"match\">Compliance</span> program is open to U.S. and non-resident Canadian importers that have satisfied both the CTPAT supply chain security and trade <span class=\"match\">compliance</span> requirements. \n The CTPAT Trade <span class=\"match\">Compliance</span> program application includes"}]}