Occupational Safety and Health Review Commission.
Notice of New Blanket Routine Use.
In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, as amended, the Occupational Safety and Health Review Commission (OSHRC) is proposing in this notice the addition of a new blanket routine use. OSHRC's Privacy Act system-of-records notices are published in full at 72 FR 54301, 54301–03 (Sept. 24, 2007), and 71 FR 19556, 19556–67 (Apr. 14, 2006).
Comments must be received by OSHRC on or before September 15, 2008. The new blanket routine use will become effective on that date, without any further notice in the
You may submit comments by any of the following methods:
•
•
•
•
Ron Bailey, Attorney-Advisor, Office of the General Counsel, via telephone at (202) 606–5410, or via e-mail at
The Privacy Act of 1974, 5 U.S.C. 552a(e)(4) and (11), requires OSHRC to publish in the
On May 22, 2007, the Office of Management and Budget (“OMB”) issued a memorandum for the heads of Executive Departments and Agencies entitled “Safeguarding Against and Responding to the Breach of Personally Identifiable Information.” OMB directed agencies to develop and publish a routine use for disclosure of information in connection with response and remedial efforts in the event of a data breach. Therefore, OSHRC is adding a new blanket routine use that, in the event of a data breach, authorizes OSHRC to disclose relevant information
OSHRC's proposed blanket routine use is published below. The first ten blanket routine uses, which remain in effect, were last published in full text on April 14, 2006 at 71 FR 19556, 19558–59.
(11) A record from an OSHRC system of records may be disclosed as a blanket routine use to appropriate agencies, entities, and persons when:
(a) OSHRC suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; and
(b) OSHRC has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by OSHRC or another agency or entity) that rely upon the compromised information; and
(c) The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with OSHRC's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.