[Federal Register Volume 72, Number 163 (Thursday, August 23, 2007)]
[Notices]
[Pages 48312-48313]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E7-16697]


-----------------------------------------------------------------------

SMALL BUSINESS ADMINISTRATION


Privacy Act Systems of Records

AGENCY: Small Business Administration.

ACTION: Notice of new routine use; request for comment.

-----------------------------------------------------------------------

SUMMARY: The Small Business Administration (SBA) is adding a new 
routine use to each of the agency's Privacy Act Systems of Records. 
This new routine use will allow SBA to disclose to appropriate 
agencies, entities and persons pertinent information for purposes of 
preventing, minimizing or remedying any harm that may result from a 
breach of the data maintained in those records.

DATES: Written comments on the new routine use must be received on or 
before October 9, 2007. The routine use will be effective without 
further action at the end of the comment period, unless comments 
received require a contrary determination.

ADDRESSES: Written comments should be directed to Lisa J. Babcock, 
Chief, Freedom of Information/Privacy Acts Office, U.S. Small Business 
Administration, 409 3rd Street, SW., Washington, DC 20416.

FOR FURTHER INFORMATION CONTACT: Lisa J. Babcock, Chief, Freedom of 
Information/Privacy Acts Office, (202) 401-8203.

SUPPPLEMENTARY INFORMATION: On May 22, 2007, the Office of Management 
and Budget (OMB) issued Memorandum M-07-16, ``Safeguarding Against and 
Responding to the Breach of Personally Identifiable Information.'' The 
memorandum includes a recommendation for agencies to adopt a routine 
use specifically applying to the disclosure of such information in the 
event of a suspected or confirmed breach. This new routine use is in 
response to that recommendation and is intended to facilitate timely 
and effective response in the event of a breach by allowing disclosure 
to those persons, agencies and entities that are in a position to 
assist the agency in notifying affected individuals or in preventing, 
minimizing or remedying harm from the breach.
    The Privacy Act requires agencies to publish notice in the Federal 
Register when there is a revision, including addition of routine uses, 
to an agency's

[[Page 48313]]

system of records. See, 5 U.S.C. 552a (e)(4) and (11). In accordance 
with that requirement, this notice also provides the public a 30-day 
period in which to comment on the new routine use. SBA is also 
providing the Congress and OMB a 40-day advance notice as required by 
the Privacy Act. See, 5 U.S.C. a(r).
    SBA's Privacy Act complete systems of records, which can be viewed 
on the agency's Web site at: http://www.sba.gov/aboutsba/sbaprograms/foia/papias/index.html was last published on September 30, 2004 at 69 
FR 58598, and consist of the following:

SBA 1--Administrative Claims.
SBA 2--Administrator's Executive Secretariat Files.
SBA 3--Advisory Council Files.
SBA 4--Office of Inspector General Records Other Than Investigations
    Records.
SBA 5--Business and Community Initiatives Resource Files.
SBA 6--Civil Rights Compliance Files.
SBA 7--Combined Federal Campaign.
SBA 8--Correspondence and Inquiries.
SBA 9--Cost Allocation Data System.
SBA 10--Employee Identification Card Files.
SBA 11--Entrepreneurial Development--Management Information System.
SBA 12--Equal Employment Opportunity Pre-Complaint Counseling.
SBA 13--Equal Employment Opportunity Complaint Cases.
SBA 14--Freedom of Information/Privacy Act Records.
SBA 15--Grievance and Appeals Files.
SBA 16--Investigative Files.
SBA 17--Investigations Division Management Information System.
SBA 18--Legal Work Files on Personnel Cases.
SBA 19--Litigation and Claims Files.
SBA 20--Disaster Loan Case Files.
SBA 21--Loan System.
SBA 22--Outside Employment Files.
SBA 23--Payroll Files.
SBA 24--Personnel Security Files.
SBA 25--Portfolio Review Files.
SBA 26--Power of Attorney Files.
SBA 27--Security and Investigations Files.
SBA 28--Small Business Persons and Advocate Awards.
SBA 29--Standards of Conduct.
SBA 30--Servicing and Contracts System/Minority Enterprise.
Development Headquarters Repository.
SBA 31--Temporary Disaster Employee Files.
SBA 32--Tort Claims.
SBA 33--Travel Files.
SBA 34--Identity Management System.

    SBA will revise these systems of records by adding the following 
new routine use at the end of the existing routine uses for each 
system. The text of this routine use is the same as recommended in OMB 
M-07-16 and is consistent with the text of the routine use already 
adopted by several agencies, including the Department of Justice, for 
the same purpose described in this notice.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and the Purposes of Such Uses

    To appropriate agencies, entities, and persons when (1) The Agency 
suspects or has confirmed that the security or confidentiality of 
information in the system or records has been compromised; (2) the 
Agency has determined that as a result of the suspected or confirmed 
compromise there is a risk of harm to economic or property interests, 
identity theft or fraud, or harm to the security or integrity of this 
system or other systems or programs (whether maintained by the Agency 
or another agency or entity) that rely upon the compromised 
information; and (3) the disclosure made to such agencies, entities, 
and persons is reasonably necessary to assist in connection with the 
Agency's efforts to respond to the suspected or confirmed compromise 
and prevent, minimize, or remedy such harm.

    Dated: August 17, 2007.
Delorice P. Ford,
Assistant Administrator for Hearings and Appeals.
[FR Doc. E7-16697 Filed 8-22-07; 8:45 am]
BILLING CODE 8025-01-P