Browse: Departments Dates Agencies
AGENCY FOR INTERNATIONAL DEVELOPMENT
Agency for International Development
NOTICE: NOTICES
DOCUMENT ACTION: Notice of proposed general routine use.
SUBJECT CATEGORY: Privacy Act of 1974; System of Records
DATES: Written comments must be received on or before December 12, 2007. The proposed general routine use will be effective January 11, 2008 unless the Agency receives comments which would result in a contrary determination.
DOCUMENT SUMMARY: The United States Agency for International Development (USAID) is providing notice to alter each of its system of records by adding a new general routine use subject to the Privacy Act of 1974, as amended (5 U.S.C. 552a). The new general routine use will permit disclosure of USAID records protected by the Privacy Act when reasonably necessary to respond, prevent, minimize or remedy harm that may result from an agency data breach. This notice complies with subsection (e)(11) of the Privacy Act (5 U.S.C. 552a), which requires agencies to publish advance notice of any new routine use of information in a system of records.
SUMMARY: Privacy Act; systems of records,
SUPPLEMENTAL INFORMATION
Pursuant to the provisions of the Privacy Act of 1974, as amended (5 U.S.C. 552a) notice is hereby given that USAID proposes to modify all of its Privacy Act system of records to include a new general routine use permitting disclosure to appropriate persons and entities for purposes of response and remedial efforts in the event of a breach or compromise of data contained in a system of records. USAID is publishing notice of this new general routine use and giving the public a 30 day period to comment before adopting it as final. The purpose and intent of publishing the routine use is to give individuals full and fair notice of the extent of potential disclosures, consistent with the Privacy Act's requirement that individuals be made aware of how their records may be disclosed.USAID is following recommendations from the Office of Management and Budget (OMB) memorandum M0716 ``Safeguarding Against and Responding to the Breach of Personally Identifiable Information'' and the President's Identity Theft Task Force's Strategic Plan, which advised all federal agencies to publish a routine use for their systems of records allowing for the disclosure of information in the course of responding to a breach of data maintained in a system of records. The routine use will facilitate an effective response to a confirmed or suspected breach by allowing for the disclosure to those individuals affected by the breach, as well as to others who are in a position to assist in the Agency's response efforts, either by a role in preventing, minimizing or remedying harms from the breach.
The Privacy Act authorizes the Agency to adopt routine uses that are consistent with the purpose for which information is collected and subject to the Privacy Act. OMB guidance also recognizes cases in which routine uses are necessary and proper for the efficient conduct of the government and in the best interest of both the individual and the public. A routine use to provide for disclosure in connection with response and remedial efforts in the event of a breach of federal data would qualify as a necessary and proper use of information.
A report of the proposed new general routine use has been sent to Congress and to the Office of Management and Budget for their evaluation.
Accordingly, USAID proposes to amend its Privacy Act general
routine uses, as published by adding the following new routine use at the end of the existing routine uses set forth:
Statement of General Routine Uses
* * * * *
15. To appropriate agencies, entities, and persons when (1) USAID
suspects or has confirmed that the security or confidentiality of
information in the system of records has been compromised; (2) USAID
has determined that as a result of the suspected or confirmed
compromise there is a risk of harm to economic or property interests,
identity theft or fraud, or harm to the security or integrity of this
system or other systems or programs (whether maintained by the USAID or
another Agency or entity) that rely upon the compromised information;
and (3) the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with USAID's efforts to
respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
Dated: December 5, 2007.
Philip M. Heneghan,
Chief Privacy Officer.
[FR Doc. E724062 Filed 121107; 8:45 am]
BILLING CODE 611601P
FOR FURTHER INFORMATION CONTACT For general questions regarding this notice, please contact: Rhonda L. Turnbow, Deputy Chief Privacy Officer, United States Agency for International Development, 1300 Pennsylvania Avenue, NW., Office 7.606A, Washington, DC 205232120 or by email: privacy@usaid.gov.
Common CFR Searches
14 CFR Part 39 40 CFR Part 52 14 CFR Part 71 33 CFR Part 165 50 CFR Part 679 47 CFR Part 73 26 CFR Part 1 40 CFR Part 180 33 CFR Part 117 50 CFR Part 17 44 CFR Part 67 50 CFR Part 648 14 CFR Part 97 40 CFR Part 63 33 CFR Part 100 50 CFR Part 622 50 CFR Part 660 26 CFR Part 301 44 CFR Part 65 39 CFR Part 111 40 CFR Part 300 6 CFR Part 5 40 CFR Part 271 47 CFR Part 64 40 CFR Parts 52 and 81 50 CFR Part 665 10 CFR Part 50 44 CFR Part 64 49 CFR Part 571 39 CFR Part 3020