Department of State July 15, 2008 – Federal Register Recent Federal Regulation Documents

Notice is hereby given that the Department of State proposes to amend the Prefatory Statement of Routine Uses to Department of State Privacy Act Issuances, pursuant to the provisions of the Privacy Act of 1974, as amended (5 U.S.C. 552a), and the Office of Management and Budget (OMB) Circular No. A-130, Appendix I. The Department's report was filed with the OMB on July 8, 2008. It is proposed that the amended Prefatory Statement notify individuals of an additional routine use of Privacy Act information. The OMB requires all federal agencies to be able to quickly and efficiently respond in the event of a breach of personally identifiable information and directed agencies to publish a routine use that will allow disclosure of Privacy Act information to persons and entities in a position to assist with notifying affected individuals, or playing a role in preventing, minimizing, or remedying any harm from a breach. The Department of State is proposing to add a new routine use that will allow it to meet the OMB objective of responding quickly and efficiently should such a breach occur. The new routine use will help the Department prevent, minimize, or remedy a data breach or compromise. All responses to a confirmed or suspected breach will be prepared on a case-by-case basis. The purpose of the amendment to the Prefatory Statement is to allow the Department to respond more quickly and efficiently in the event of a breach of personally identifiable information and, when necessary, to disclose information regarding the breach to individuals identified under the routine use, and to give the affected individuals full and fair notice of the extent of these potential disclosures. The proposed routine use is compatible with the purpose for which information maintained by the Department originally was collected. As indicated in the April 2007 Strategic Plan report issued by the President's Identity Theft Task Force (page 83) and OMB M-07-16, a routine use to provide for disclosure in connection with response and remedial efforts in the event of a breach of federal data qualifies as a necessary and proper use of informationa use that is in the best interest of both the individual and the public. Such a routine use will serve to protect the interests of the individuals whose information is at issue by allowing the Department to take appropriate steps to facilitate a timely and effective response, thereby improving its ability to prevent, minimize, or remedy any harm resulting from a compromise of data maintained in its systems of records. Additional editorial and housekeeping changes are also incorporated in the amended prefatory statement. In particular, these changes improve formatting to clarify that separate routine uses apply to potential disclosures to Courts and Contractors, and update references to potential recipients of terrorism-related information to specify the National Counterterrorism Center (instead of its precursor organization, the Terrorist Threat Integration Center) and the Department of Homeland Security. Any persons interested in commenting on this amendment to the Prefatory Statement of routine uses to Department of State Privacy Act Issuances may do so by submitting comments in writing to Margaret P. Grafeld, Director, Office of Information Programs and Services, A/ISS/ IPS, U.S. Department of State, SA-2, Washington, DC 20522-8001. The new routine use amendment to the Prefatory Statement of Routine Uses to Department of State Privacy Act Issuances will be effective 40 days from the date of publication, unless we receive comments that result in a contrary determination. The amendment will read as set forth below.