Start Preamble

AGENCY:

Small Business Administration.

ACTION:

Notice of new routine use; request for comment.

SUMMARY:

The Small Business Administration (SBA) is adding a new routine use to each of the agency's Privacy Act Systems of Records. This new routine use will allow SBA to disclose to appropriate agencies, entities and persons pertinent information for purposes of preventing, minimizing or remedying any harm that may result from a breach of the data maintained in those records.

DATES:

Written comments on the new routine use must be received on or before October 9, 2007. The routine use will be effective without further action at the end of the comment period, unless comments received require a contrary determination.

ADDRESSES:

Written comments should be directed to Lisa J. Babcock, Chief, Freedom of Information/Privacy Acts Office, U.S. Small Business Administration, 409 3rd Street, SW., Washington, DC 20416.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Lisa J. Babcock, Chief, Freedom of Information/Privacy Acts Office, (202) 401-8203.

End Further Info End Preamble Start Supplemental Information

SUPPPLEMENTARY INFORMATION:

On May 22, 2007, the Office of Management and Budget (OMB) issued Memorandum M-07-16, “Safeguarding Against and Responding to the Breach of Personally Identifiable Information.” The memorandum includes a recommendation for agencies to adopt a routine use specifically applying to the disclosure of such information in the event of a suspected or confirmed breach. This new routine use is in response to that recommendation and is intended to facilitate timely and effective response in the event of a breach by allowing disclosure to those persons, agencies and entities that are in a position to assist the agency in notifying affected individuals or in preventing, minimizing or remedying harm from the breach.

The Privacy Act requires agencies to publish notice in the Federal Register when there is a revision, including addition of routine uses, to an agency's Start Printed Page 48313system of records. See, 5 U.S.C. 552a (e)(4) and (11). In accordance with that requirement, this notice also provides the public a 30-day period in which to comment on the new routine use. SBA is also providing the Congress and OMB a 40-day advance notice as required by the Privacy Act. See, 5 U.S.C. a(r).

SBA's Privacy Act complete systems of records, which can be viewed on the agency's Web site at: http://www.sba.gov/​aboutsba/​sbaprograms/​foia/​papias/​index.html was last published on September 30, 2004 at 69 FR 58598, and consist of the following:

SBA 1—Administrative Claims.

SBA 2—Administrator's Executive Secretariat Files.

SBA 3—Advisory Council Files.

SBA 4—Office of Inspector General Records Other Than Investigations

Records.

SBA 5—Business and Community Initiatives Resource Files.

SBA 6—Civil Rights Compliance Files.

SBA 7—Combined Federal Campaign.

SBA 8—Correspondence and Inquiries.

SBA 9—Cost Allocation Data System.

SBA 10—Employee Identification Card Files.

SBA 11—Entrepreneurial Development—Management Information System.

SBA 12—Equal Employment Opportunity Pre-Complaint Counseling.

SBA 13—Equal Employment Opportunity Complaint Cases.

SBA 14—Freedom of Information/Privacy Act Records.

SBA 15—Grievance and Appeals Files.

SBA 16—Investigative Files.

SBA 17—Investigations Division Management Information System.

SBA 18—Legal Work Files on Personnel Cases.

SBA 19—Litigation and Claims Files.

SBA 20—Disaster Loan Case Files.

SBA 21—Loan System.

SBA 22—Outside Employment Files.

SBA 23—Payroll Files.

SBA 24—Personnel Security Files.

SBA 25—Portfolio Review Files.

SBA 26—Power of Attorney Files.

SBA 27—Security and Investigations Files.

SBA 28—Small Business Persons and Advocate Awards.

SBA 29—Standards of Conduct.

SBA 30—Servicing and Contracts System/Minority Enterprise.

Development Headquarters Repository.

SBA 31—Temporary Disaster Employee Files.

SBA 32—Tort Claims.

SBA 33—Travel Files.

SBA 34—Identity Management System.

SBA will revise these systems of records by adding the following new routine use at the end of the existing routine uses for each system. The text of this routine use is the same as recommended in OMB M-07-16 and is consistent with the text of the routine use already adopted by several agencies, including the Department of Justice, for the same purpose described in this notice.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses

To appropriate agencies, entities, and persons when (1) The Agency suspects or has confirmed that the security or confidentiality of information in the system or records has been compromised; (2) the Agency has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Agency or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Agency's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

Start SignatureEnd Signature End Supplemental Information