Skip to Content

Rule

Data Breaches

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Department of Veterans Affairs.

ACTION:

Final rule.

SUMMARY:

This document adopts, without change, the interim final rule that was published in the Federal Register on June 22, 2007, addressing data breaches of sensitive personal information that is processed or maintained by the Department of Veterans Affairs (VA). This final rule implements certain provisions of the Veterans Benefits, Health Care, and Information Technology Act of 2006. The regulations prescribe the mechanisms for taking action in response to a data breach of sensitive personal information.

DATES:

Effective Date: April 11, 2008.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Jonelle Lewis, Office of Information Protection and Risk Management (005R), U.S. Department of Veterans Affairs, 810 Vermont Avenue, NW., Washington, DC 20420. Telephone: (202) 461-6400. This is not a toll-free number.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

On June 22, 2007, VA published an interim final rule in the Federal Register (72 FR 34395). The interim final rule addressed data breaches of sensitive personal information that is processed or maintained by VA. This final rule implements 38 U.S.C. 5724 and 5727, which were enacted as part of Title IX of Public Law 109-461, the Veterans Benefits, Health Care, and Information Technology Act of 2006.

We provided a 60-day comment period that ended August 21, 2007. We received no comments. Based on the rationale set forth in the interim final rule, we adopt the provisions of the interim final rule as a final rule without any changes.

Administrative Procedure Act

This document, without change, affirms the amendment made by the interim final rule that is already in effect. The Secretary of Veterans Affairs concluded that, under 5 U.S.C. 553, there was good cause to dispense with the opportunity for prior comment with respect to this rule. The Secretary found that it was unnecessary to delay this regulation for the purpose of soliciting prior public comment based on the statutory mandate in 38 U.S.C. 5724 to publish the amendment as an interim final rule. Nevertheless, the Secretary invited public comment on the interim final rule but did not receive any comments.

Executive Order 12866

Executive Order 12866 directs agencies to assess all costs and benefits of available regulatory alternatives and, when regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety, and other advantages; distributive impacts; and equity). The Executive Order classifies a “significant regulatory action,” requiring review by the Office of Management and Budget (OMB), as any regulatory action that is likely to result in a rule that may: (1) Have an annual effect on the economy of $100 million or more or adversely affect in a material way the economy, a sector of the economy, productivity, competition, jobs, the environment, public health or safety, or State, local, or tribal governments or communities; (2) create a serious inconsistency or otherwise interfere with an action taken or planned by another agency; (3) materially alter the budgetary impact of entitlements, grants, user fees, or loan programs or the rights and obligations of recipients thereof; or (4) raise novel legal or policy issues arising out of legal mandates, the President's priorities, or the principles set forth in the Executive Order.

The economic, interagency, budgetary, legal, and policy implications of this rule have been examined and it has been determined to be a significant regulatory action under the Executive Order because it is likely to result in a rule that may raise novel legal or policy issues arising out of legal mandates, the President's priorities, or the principles set forth in the Executive Order.

Unfunded Mandates

The Unfunded Mandates Reform Act of 1995 requires, at 2 U.S.C. 1532, that agencies prepare an assessment of anticipated costs and benefits before issuing any rule that may result in expenditure by State, local, and tribal governments, in the aggregate, or by the private sector, of $100 million or more (adjusted annually for inflation) in any Start Printed Page 19748given year. This rule would have no such effect on State, local, and tribal governments or the private sector.

Paperwork Reduction Act

This document contains no provisions constituting a collection of information under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-3521).

Regulatory Flexibility Act

The provisions of the Regulatory Flexibility Act (5 U.S.C. 601-612) do not apply to this interim final rule because the provisions of 38 U.S.C. 5724 require that this document be promulgated as an interim final rule, and, consequently, a notice of proposed rulemaking was not required for the rule. 5 U.S.C. 603-604.

Catalog of Federal Domestic Assistance Numbers

There are no Catalog of Federal Domestic Assistance numbers and titles for this rule.

Start List of Subjects

List of Subjects in 38 CFR Part 75

End List of Subjects Start Signature

Approved: April 4, 2008.

Gordon H. Mansfield,

Deputy Secretary of Veterans Affairs.

End Signature Start Part

PART 75—INFORMATION SECURITY MATTERS

Accordingly, the interim final rule establishing 38 CFR part 75 that was published in the Federal Register at 72 FR 34395 on June 22, 2007, is adopted as a final rule without changes.

End Part End Supplemental Information

[FR Doc. E8-7726 Filed 4-10-08; 8:45 am]

BILLING CODE 8320-01-P