Summary: Notice is hereby given that the Department of State proposes to amend the Prefatory Statement of Start Printed Page 40650Routine Uses to Department of State Privacy Act Issuances, pursuant to the provisions of the Privacy Act of 1974, as amended (5 U.S.C. 552a), and the Office of Management and Budget (OMB) Circular No. A-130, Appendix I. The Department's report was filed with the OMB on July 8, 2008.
It is proposed that the amended Prefatory Statement notify individuals of an additional routine use of Privacy Act information. The OMB requires all federal agencies to be able to quickly and efficiently respond in the event of a breach of personally identifiable information and directed agencies to publish a routine use that will allow disclosure of Privacy Act information to persons and entities in a position to assist with notifying affected individuals, or playing a role in preventing, minimizing, or remedying any harm from a breach.
The Department of State is proposing to add a new routine use that will allow it to meet the OMB objective of responding quickly and efficiently should such a breach occur. The new routine use will help the Department prevent, minimize, or remedy a data breach or compromise. All responses to a confirmed or suspected breach will be prepared on a case-by-case basis. The purpose of the amendment to the Prefatory Statement is to allow the Department to respond more quickly and efficiently in the event of a breach of personally identifiable information and, when necessary, to disclose information regarding the breach to individuals identified under the routine use, and to give the affected individuals full and fair notice of the extent of these potential disclosures.
The proposed routine use is compatible with the purpose for which information maintained by the Department originally was collected. As indicated in the April 2007 Strategic Plan report issued by the President's Identity Theft Task Force (page 83) and OMB M-07-16, a routine use to provide for disclosure in connection with response and remedial efforts in the event of a breach of federal data qualifies as a necessary and proper use of information—a use that is in the best interest of both the individual and the public. Such a routine use will serve to protect the interests of the individuals whose information is at issue by allowing the Department to take appropriate steps to facilitate a timely and effective response, thereby improving its ability to prevent, minimize, or remedy any harm resulting from a compromise of data maintained in its systems of records.
Additional editorial and housekeeping changes are also incorporated in the amended prefatory statement. In particular, these changes improve formatting to clarify that separate routine uses apply to potential disclosures to Courts and Contractors, and update references to potential recipients of terrorism-related information to specify the National Counterterrorism Center (instead of its precursor organization, the Terrorist Threat Integration Center) and the Department of Homeland Security.
Any persons interested in commenting on this amendment to the Prefatory Statement of routine uses to Department of State Privacy Act Issuances may do so by submitting comments in writing to Margaret P. Grafeld, Director, Office of Information Programs and Services, A/ISS/IPS, U.S. Department of State, SA-2, Washington, DC 20522-8001.
The new routine use amendment to the Prefatory Statement of Routine Uses to Department of State Privacy Act Issuances will be effective 40 days from the date of publication, unless we receive comments that result in a contrary determination.
The amendment will read as set forth below.Start Signature
Dated: July 8, 2008.
Assistant Secretary for the Bureau of Administration, Department of State.
Department of State
Prefatory Statement of Routine Uses
In the event that a system of records maintained by this agency to carry out its functions indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule or order issued pursuant thereto, the relevant records in the system of records may be referred, as a routine use, to the appropriate agency, whether federal, state, local or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation or order issued pursuant thereto.
Terrorism and Homeland Security
A record from the Department's systems of records may be disclosed to the Federal Bureau of Investigation, the Department of Homeland Security, the National Counter-Terrorism Center (NCTC), the Terrorist Screening Center (TSC), or other appropriate federal agencies, for the integration and use of such information to protect against terrorism, if that record is about one or more individuals known, or suspected, to be or to have been involved in activities constituting, in preparation for, in aid of, or related to terrorism. Such information may be further disseminated by recipient agencies to Federal, State, local, territorial, tribal, and foreign government authorities, and to support private sector processes as contemplated in Homeland Security Presidential Directive/HSPD-6 and other relevant laws and directives, for terrorist screening, threat-protection and other homeland security purposes.
Disclosure When Requesting Information
A record from this system of records may be disclosed as a “routine use” to a federal, state or local agency maintaining civil, criminal or other relevant enforcement information or other pertinent information, such as current licenses, if necessary to obtain information relevant to an agency decision concerning the hiring or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant or other benefit.
Disclosure of Requested Information
A record from this system of records may be disclosed to a federal agency, in response to its request, in connection with the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.
A record from this system of records may be disclosed to a federal, state, local or foreign agency as a routine use response to such an agency's request, where there is reason to believe that an individual has violated the law, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule or order issued pursuant thereto, if necessary, and only to the extent necessary, to enable such agency to discharge its responsibilities of investigating or prosecuting such violation or its responsibilities with enforcing or implementing the statute, or rule, regulation or order issued pursuant thereto.
A record from this system of records may be disclosed to a foreign agency as a routine response to such an agency's Start Printed Page 40651request when the information is necessary for the foreign agency to adjudicate and determine an individual's entitlement to rights and benefits, or obligations owed to the foreign agency, such as information necessary to establish identity or nationality.
Office of Management and Budget
The information contained in this system of records will be disclosed to the Office of Management and Budget in connection with review of private relief legislation, as set forth in OMB Circular No. A-19, at any stage of the legislative coordination and clearance process as set forth in that Circular.
Members of Congress
Disclosure may be made to a congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual.
Information from a system of records may be disclosed to anyone who is under contract to the Department of State to fulfill an agency function but only to the extent necessary to fulfill that function.
Information from a system of records may be made available to any court of competent jurisdiction, whether Federal, state, local or foreign, when necessary for the litigation and adjudication of a case involving an individual who is the subject of a Departmental record.
National Archives, General Services Administration
A record from a system of records may be disclosed as a routine use to the National Archives and Records Administration and the General Services Administration: For records management inspections, surveys and studies; following transfer to a Federal records center for storage; and to determine whether such records have sufficient historical or other value to warrant accessioning into the National Archives of the United States.
Department of Justice
A record may be disclosed as a routine use to any component of the Department of Justice, including United States Attorneys, for the purpose of representing the Department of State or any officer or employee of the Department of State in pending or potential litigation to which the record is pertinent.
Persons or Entities in Response to an Actual or Suspected Compromise or Breach of Personally Identifiable Information
To appropriate agencies, entities, and persons when (1) the Department of State suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.End Preamble
[FR Doc. E8-16159 Filed 7-14-08; 8:45 am]
BILLING CODE 4710-24-P