Agency Information Collection Request; 30-Day Public Comment Request, 45116-45117 [2010-18792]
Download as PDF
<![CDATA[
erowe on DSK5CLS3C1PROD with NOTICES
45116
Federal Register / Vol. 75, No. 147 / Monday, August 2, 2010 / Notices
number and policy number; and Social
Security number. The company also
collects and maintains sensitive
information from or about its employees
and job applicants, which includes,
among other things, Social Security
numbers.
The complaint further alleges that
Rite Aid engaged in a number of
practices that, taken together, failed to
provide reasonable and appropriate
security for sensitive information from
consumers, employees, and job
applicants. In particular, Rite Aid failed
to: (1) implement policies and
procedures to dispose securely of such
information, including, but not limited
to, policies and procedures to render the
information unreadable in the course of
disposal; (2) adequately train employees
to dispose securely of such information;
(3) use reasonable measures to assess
compliance with its established policies
and procedures for the disposal of such
information; or (4) employ a reasonable
process for discovering and remedying
risks to such information.
The complaint alleges that as a result
of these failures, Rite Aid pharmacies
discarded materials containing sensitive
information in clear readable text (such
as pharmacy labels and job applications)
in unsecured, publicly-accessible trash
dumpsters on numerous occasions. For
example, in July 2006 and continuing
into 2007 and 2008, television stations
and other media outlets reported finding
such information in unsecured
dumpsters used by Rite Aid pharmacies
in at least 7 cities throughout the United
States. When discarded in publiclyaccessible dumpsters, such information
can be obtained by individuals for
purposes of identity theft or the theft of
prescription medicines.
The proposed order applies to
sensitive information about consumers,
employees, and job applicants obtained
by Rite Aid. It contains provisions
designed to prevent Rite Aid from
engaging in the future in practices
similar to those alleged in the
complaint.
Part I of the proposed order prohibits
misrepresentations about the security,
confidentiality, and integrity of
sensitive information. Part II of the
order requires Rite Aid to establish and
maintain a comprehensive information
security program that is reasonably
designed to protect the security,
confidentiality, and integrity of such
information (whether in paper or
electronic format) about consumers,
employees, and those seeking to become
employees. The order covers health and
other sensitive information obtained by
all Rite Aid entities, including, but not
limited to, retail pharmacies. The
VerDate Mar<15>2010
15:04 Jul 30, 2010
Jkt 220001
security program must contain
administrative, technical, and physical
safeguards appropriate to Rite Aid’s size
and complexity, the nature and scope of
its activities, and the sensitivity of the
information collected from or about
consumers and employees. Specifically,
the order requires Rite Aid to:
∑ Designate an employee or
employees to coordinate and be
accountable for the information security
program.
∑ Identify material internal and
external risks to the security,
confidentiality, and integrity of
sensitive information that could result
in the unauthorized disclosure, misuse,
loss, alteration, destruction, or other
compromise of such information, and
assess the sufficiency of any safeguards
in place to control these risks.
∑ Design and implement reasonable
safeguards to control the risks identified
through risk assessment, and regularly
test or monitor the effectiveness of the
safeguards’ key controls, systems, and
procedures.
∑ Develop and use reasonable steps to
select and retain service providers
capable of appropriately safeguarding
sensitive information they receive from
Rite Aid, and require service providers
by contract to implement and maintain
appropriate safeguards.
∑ Evaluate and adjust its information
security programs in light of the results
of testing and monitoring, any material
changes to operations or business
arrangements, or any other
circumstances that it knows or has
reason to know may have a material
impact on its information security
program.
Part III of the proposed order requires
Rite Aid to obtain within one year, and
on a biennial basis thereafter for a
period of twenty (20) years, an
assessment and report from a qualified,
objective, independent third-party
professional, certifying, among other
things, that: (1) it has in place a security
program that provides protections that
meet or exceed the protections required
by Part II of the proposed order; and (2)
its security program is operating with
sufficient effectiveness to provide
reasonable assurance that the security,
confidentiality, and integrity of
sensitive consumer, employee, and job
applicant information has been
protected.
Parts IV through VIII of the proposed
order are reporting and compliance
provisions. Part IV requires Rite Aid to
retain documents relating to its
compliance with the order. For most
records, the order requires that the
documents be retained for a five-year
period. For the third-party assessments
PO 00000
Frm 00030
Fmt 4703
Sfmt 4703
and supporting documents, Rite Aid
must retain the documents for a period
of three years after the date that each
assessment is prepared. Part V requires
dissemination of the order now and in
the future to persons with
responsibilities relating to the subject
matter of the order. Part VI ensures
notification to the FTC of changes in
corporate status. Part VII mandates that
Rite Aid submit a compliance report to
the FTC within 60 days, and
periodically thereafter as requested. Part
VIII is a provision ‘‘sunsetting’’ the order
after twenty (20) years, with certain
exceptions.
The Commission conducted its
investigation jointly with the Office for
Civil Rights in the Department of Health
and Human Services (‘‘OCR-HHS’’).
Working together, the Commission and
OCR-HHS each entered into separate but
coordinated agreements with Rite Aid to
resolve all the issues of both agencies.
This is the Commission’s twentyninth case to challenge the failure by a
company to implement reasonable
information security practices, and the
second case: (1) involving a health
provider, (2) proceeding jointly with
OCR-HHS, and (3) challenging the
security of employee data.
The purpose of this analysis is to
facilitate public comment on the
proposed order. It is not intended to
constitute an official interpretation of
the proposed order or to modify its
terms in any way.
By direction of the Commission.
Donald S. Clark
Secretary.
[FR Doc. 2010–18941 Filed 7–30–10; 8:45 am]
BILLING CODE 6750–01–S
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
[Document Identifier OS–0990–New; 30-Day
Notice]
Agency Information Collection
Request; 30-Day Public Comment
Request
Office of the Secretary, HHS.
In compliance with the requirement
of section 3506(c)(2)(A) of the
Paperwork Reduction Act of 1995, the
Office of the Secretary (OS), Department
of Health and Human Services, is
publishing the following summary of a
proposed collection for public
comment. Interested persons are invited
to send comments regarding this burden
estimate or any other aspect of this
collection of information, including any
of the following subjects: (1) The
necessity and utility of the proposed
AGENCY:
E:\FR\FM\02AUN1.SGM
02AUN1
45117
Federal Register / Vol. 75, No. 147 / Monday, August 2, 2010 / Notices
information collection for the proper
performance of the agency’s functions;
(2) the accuracy of the estimated
burden; (3) ways to enhance the quality,
utility, and clarity of the information to
be collected; and (4) the use of
automated collection techniques or
other forms of information technology to
minimize the information collection
burden.
To obtain copies of the supporting
statement and any related forms for the
proposed paperwork collections
referenced above, e-mail your request,
including your address, phone number,
OMB number, and OS document
identifier, to
for Juvenile Delinquency and HIV
Prevention Program’’. The evaluation is
designed to determine best practices
and gender-responsive strategies for atrisk girls and adolescents between the
ages of nine and 17 years. Data will be
collected from program participants,
parents of program participants,
program staff (i.e. program directors and
program staff), program partners and
community residents and will be
submitted to OWH as required.
Primarily private non-profit
organizations and girls and adolescents
participating in the program and their
parents will be affected by this data
collection.
Sherette.funncoleman@hhs.gov, or call
the Reports Clearance Office on (202)
690–5683. Send written comments and
recommendations for the proposed
information collections within 30 days
of this notice directly to the OS OMB
Desk Officer; faxed to OMB at 202–395–
5806.
Proposed Project: Girls at Greater Risk
for Juvenile Delinquency and HIV
Prevention Program—OMB No. 0990–
New—Office on Women’s Health
(OWH).
Abstract: The Office on Women’s
Health (OWH) is seeking a new
clearance to a conduct a three year data
collection associated with the
evaluation of the ‘‘Girls at Greater Risk
ESTIMATED ANNUALIZED BURDEN TABLE
Number of
responses per
respondent
Type of respondent
Prevention Education Questionnaire
Focus group ......................................
Focus group ......................................
Interview ............................................
Interview ............................................
Interview ............................................
Focus group ......................................
Community Event Survey .................
Program participant ..........................
Program participant ..........................
Parent of Program participant ..........
Program Director ..............................
Program Staff ...................................
Program Staff ...................................
Program Partner ...............................
Program Partner ...............................
Community Resident ........................
750
120
120
10
10
10
60
120
250
2
1
1
2
150
2
1
1
1
2
90/60
90/60
90/60
30/60
45/60
45/60
90/60
5/60
3,000
180
180
30
750
15
45
180
21
Total ...........................................
...........................................................
........................
........................
........................
4,401
Seleda Perryman,
Office of the Secretary, Paperwork Reduction
Act Clearance Officer.
[FR Doc. 2010–18792 Filed 7–30–10; 8:45 am]
BILLING CODE 4150–33–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
[Document Identifier OS–4040–0002]
Agency Information Collection
Request. 30-Day Public Comment
Request; 30-Day Notice
Office of the Secretary, HHS.
In compliance with the requirement
of section 3506(c)(2)(A) of the
Paperwork Reduction Act of 1995, the
Office of the Secretary (OS), Department
of Health and Human Services, is
publishing the following summary of a
proposed collection for public
comment. Interested persons are invited
erowe on DSK5CLS3C1PROD with NOTICES
AGENCY:
Number of
respondents
Average
burden hours
per response
Forms
(if necessary)
Total burden
hours
the Reports Clearance Office on (202)
690–5683. Send written comments and
recommendations for the proposed
information collections within 30 days
of this notice directly to the OS OMB
Desk Officer; faxed to OMB at 202–395–
5806.
Proposed Project: SF–424
Mandatory—Revision—OMB No. 4040–
0002–Grants.gov.
Abstract: The SF–424 mandatory
forms are the government-wide forms
used for mandatory grant programs. The
only proposed revision to the form
includes making the fax number in
block 17 optional. The revised form will
assist agencies in collecting required
data elements through the SF–424
applications. This form could be
utilized by up to 26 Federal grant
making agencies with mandatory grant
programs. The current 4040–0002
collection expires on July 31, 2010.
to send comments regarding this burden
estimate or any other aspect of this
collection of information, including any
of the following subjects: (1) The
necessity and utility of the proposed
information collection for the proper
performance of the agency’s functions;
(2) the accuracy of the estimated
burden; (3) ways to enhance the quality,
utility, and clarity of the information to
be collected; and (4) the use of
automated collection techniques or
other forms of information technology to
minimize the information collection
burden.
To obtain copies of the supporting
statement and any related forms for the
proposed paperwork collections
referenced above, e-mail your request,
including your address, phone number,
OMB number, and OS document
identifier, to
Sherette.funncoleman@hhs.gov, or call
ESTIMATED ANNUALIZED BURDEN TABLE
Number of
respondents
Agency
DOT .................................................................................................................
VerDate Mar<15>2010
15:04 Jul 30, 2010
Jkt 220001
PO 00000
Frm 00031
Fmt 4703
Sfmt 4703
Number of
responses per
respondent
300
E:\FR\FM\02AUN1.SGM
1
02AUN1
Average burden per response
(in hours)
1
Total burden
hours
300
]]>Agencies
[Federal Register Volume 75, Number 147 (Monday, August 2, 2010)]
[Notices]
[Pages 45116-45117]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2010-18792]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
[Document Identifier OS-0990-New; 30-Day Notice]
Agency Information Collection Request; 30-Day Public Comment
Request
AGENCY: Office of the Secretary, HHS.
In compliance with the requirement of section 3506(c)(2)(A) of the
Paperwork Reduction Act of 1995, the Office of the Secretary (OS),
Department of Health and Human Services, is publishing the following
summary of a proposed collection for public comment. Interested persons
are invited to send comments regarding this burden estimate or any
other aspect of this collection of information, including any of the
following subjects: (1) The necessity and utility of the proposed
[[Page 45117]]
information collection for the proper performance of the agency's
functions; (2) the accuracy of the estimated burden; (3) ways to
enhance the quality, utility, and clarity of the information to be
collected; and (4) the use of automated collection techniques or other
forms of information technology to minimize the information collection
burden.
To obtain copies of the supporting statement and any related forms
for the proposed paperwork collections referenced above, e-mail your
request, including your address, phone number, OMB number, and OS
document identifier, to Sherette.funncoleman@hhs.gov, or call the
Reports Clearance Office on (202) 690-5683. Send written comments and
recommendations for the proposed information collections within 30 days
of this notice directly to the OS OMB Desk Officer; faxed to OMB at
202-395-5806.
Proposed Project: Girls at Greater Risk for Juvenile Delinquency
and HIV Prevention Program--OMB No. 0990-New--Office on Women's Health
(OWH).
Abstract: The Office on Women's Health (OWH) is seeking a new
clearance to a conduct a three year data collection associated with the
evaluation of the ``Girls at Greater Risk for Juvenile Delinquency and
HIV Prevention Program''. The evaluation is designed to determine best
practices and gender-responsive strategies for at-risk girls and
adolescents between the ages of nine and 17 years. Data will be
collected from program participants, parents of program participants,
program staff (i.e. program directors and program staff), program
partners and community residents and will be submitted to OWH as
required. Primarily private non-profit organizations and girls and
adolescents participating in the program and their parents will be
affected by this data collection.
Estimated Annualized Burden Table
----------------------------------------------------------------------------------------------------------------
Number of Average
Forms (if necessary) Type of Number of responses per burden hours Total burden
respondent respondents respondent per response hours
----------------------------------------------------------------------------------------------------------------
Prevention Education Program 750 2 2 3,000
Questionnaire. participant.
Focus group................... Program 120 1 90/60 180
participant.
Focus group................... Parent of 120 1 90/60 180
Program
participant.
Interview..................... Program Director 10 2 90/60 30
Program Staff... 10 150 30/60 750
Interview..................... Program Staff... 10 2 45/60 15
Interview..................... Program Partner. 60 1 45/60 45
Focus group................... Program Partner. 120 1 90/60 180
Community Event Survey........ Community 250 1 5/60 21
Resident.
---------------
Total..................... ................ .............. .............. .............. 4,401
----------------------------------------------------------------------------------------------------------------
Seleda Perryman,
Office of the Secretary, Paperwork Reduction Act Clearance Officer.
[FR Doc. 2010-18792 Filed 7-30-10; 8:45 am]
BILLING CODE 4150-33-P
