United States Agency for International Development.
Notice of proposed general routine use.
The United States Agency for International Development (USAID) is providing notice to alter each of its system of records by adding a new general routine use subject to the Privacy Act of 1974, as amended (5 U.S.C. 552a). The new general routine use will permit disclosure of USAID records protected by the Privacy Act when reasonably necessary to respond, prevent, minimize or remedy harm that may result from an agency data breach. This notice complies with subsection (e)(11) of the Privacy Act (5 U.S.C. 552a), which requires agencies to publish advance notice of any new routine use of information in a system of records.
Written comments must be received on or before December 12, 2007. The proposed general routine use will be effective January 11, 2008 unless the Agency receives comments which would result in a contrary determination.
You may submit comments to:
Mail: Philip M. Heneghan, Chief Privacy Officer, United States Agency for International Development, 1300 Pennsylvania Avenue, NW., Office 2.12-003, Washington, DC 20523-2120.
FOR FURTHER INFORMATION CONTACT:
For general questions regarding this notice, please contact: Rhonda L. Turnbow, Deputy Chief Privacy Officer, United States Agency for International Development, 1300 Pennsylvania Avenue, NW., Office 7.6-06A, Washington, DC 20523-2120 or by e-mail: firstname.lastname@example.org.
Pursuant to the provisions of the Privacy Act of 1974, as amended (5 U.S.C. 552a) notice is hereby given that USAID proposes to modify all of its Privacy Act system of records to include a new general routine use permitting disclosure to appropriate persons and entities for purposes of response and remedial efforts in the event of a breach or compromise of data contained in a system of records. USAID is publishing notice of this new general routine use and giving the public a 30 day period to comment before adopting it as final. The purpose and intent of publishing the routine use is to give individuals full and fair notice of the extent of potential disclosures, consistent with the Privacy Act's requirement that individuals be made aware of how their records may be disclosed.
USAID is following recommendations from the Office of Management and Budget (OMB) memorandum M-07-16 “Safeguarding Against and Responding to the Breach of Personally Identifiable Information” and the President's Identity Theft Task Force's Strategic Plan, which advised all federal agencies to publish a routine use for their systems of records allowing for the disclosure of information in the course of responding to a breach of data maintained in a system of records. The routine use will facilitate an effective response to a confirmed or suspected breach by allowing for the disclosure to those individuals affected by the breach, as well as to others who are in a position to assist in the Agency's response efforts, either by a role in preventing, minimizing or remedying harms from the breach.
The Privacy Act authorizes the Agency to adopt routine uses that are consistent with the purpose for which information is collected and subject to the Privacy Act. OMB guidance also recognizes cases in which routine uses are necessary and proper for the efficient conduct of the government and in the best interest of both the individual and the public. A routine use to provide for disclosure in connection with response and remedial efforts in the event of a breach of federal data would qualify as a necessary and proper use of information.
A report of the proposed new general routine use has been sent to Congress and to the Office of Management and Budget for their evaluation.
Accordingly, USAID proposes to amend its Privacy Act general routine uses, as published by adding the following new routine use at the end of the existing routine uses set forth:
Statement of General Routine Uses
15. To appropriate agencies, entities, and persons when (1) USAID suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) USAID has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the USAID or another Agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with USAID's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
Dated: December 5, 2007.
Philip M. Heneghan,
Chief Privacy Officer.
[FR Doc. E7-24062 Filed 12-11-07; 8:45 am]
BILLING CODE 6116-01-P