[Federal Register Volume 73, Number 136 (Tuesday, July 15, 2008)]
[Notices]
[Pages 40649-40651]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-16159]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF STATE

[Public Notice 6290]


Privacy Act of 1974 Amendment of Prefatory Statement of Routine 
Uses to Department of State Privacy Act Issuances

    Summary: Notice is hereby given that the Department of State 
proposes to amend the Prefatory Statement of

[[Page 40650]]

Routine Uses to Department of State Privacy Act Issuances, pursuant to 
the provisions of the Privacy Act of 1974, as amended (5 U.S.C. 552a), 
and the Office of Management and Budget (OMB) Circular No. A-130, 
Appendix I. The Department's report was filed with the OMB on July 8, 
2008.
    It is proposed that the amended Prefatory Statement notify 
individuals of an additional routine use of Privacy Act information. 
The OMB requires all federal agencies to be able to quickly and 
efficiently respond in the event of a breach of personally identifiable 
information and directed agencies to publish a routine use that will 
allow disclosure of Privacy Act information to persons and entities in 
a position to assist with notifying affected individuals, or playing a 
role in preventing, minimizing, or remedying any harm from a breach.
    The Department of State is proposing to add a new routine use that 
will allow it to meet the OMB objective of responding quickly and 
efficiently should such a breach occur. The new routine use will help 
the Department prevent, minimize, or remedy a data breach or 
compromise. All responses to a confirmed or suspected breach will be 
prepared on a case-by-case basis. The purpose of the amendment to the 
Prefatory Statement is to allow the Department to respond more quickly 
and efficiently in the event of a breach of personally identifiable 
information and, when necessary, to disclose information regarding the 
breach to individuals identified under the routine use, and to give the 
affected individuals full and fair notice of the extent of these 
potential disclosures.
    The proposed routine use is compatible with the purpose for which 
information maintained by the Department originally was collected. As 
indicated in the April 2007 Strategic Plan report issued by the 
President's Identity Theft Task Force (page 83) and OMB M-07-16, a 
routine use to provide for disclosure in connection with response and 
remedial efforts in the event of a breach of federal data qualifies as 
a necessary and proper use of information--a use that is in the best 
interest of both the individual and the public. Such a routine use will 
serve to protect the interests of the individuals whose information is 
at issue by allowing the Department to take appropriate steps to 
facilitate a timely and effective response, thereby improving its 
ability to prevent, minimize, or remedy any harm resulting from a 
compromise of data maintained in its systems of records.
    Additional editorial and housekeeping changes are also incorporated 
in the amended prefatory statement. In particular, these changes 
improve formatting to clarify that separate routine uses apply to 
potential disclosures to Courts and Contractors, and update references 
to potential recipients of terrorism-related information to specify the 
National Counterterrorism Center (instead of its precursor 
organization, the Terrorist Threat Integration Center) and the 
Department of Homeland Security.
    Any persons interested in commenting on this amendment to the 
Prefatory Statement of routine uses to Department of State Privacy Act 
Issuances may do so by submitting comments in writing to Margaret P. 
Grafeld, Director, Office of Information Programs and Services, A/ISS/
IPS, U.S. Department of State, SA-2, Washington, DC 20522-8001.
    The new routine use amendment to the Prefatory Statement of Routine 
Uses to Department of State Privacy Act Issuances will be effective 40 
days from the date of publication, unless we receive comments that 
result in a contrary determination.
    The amendment will read as set forth below.

    Dated: July 8, 2008.
Rajkumar Chellaraj,
Assistant Secretary for the Bureau of Administration, Department of 
State.

Department of State

Prefatory Statement of Routine Uses

Law Enforcement

    In the event that a system of records maintained by this agency to 
carry out its functions indicates a violation or potential violation of 
law, whether civil, criminal or regulatory in nature, and whether 
arising by general statute or particular program statute, or by 
regulation, rule or order issued pursuant thereto, the relevant records 
in the system of records may be referred, as a routine use, to the 
appropriate agency, whether federal, state, local or foreign, charged 
with the responsibility of investigating or prosecuting such violation 
or charged with enforcing or implementing the statute, or rule, 
regulation or order issued pursuant thereto.

Terrorism and Homeland Security

    A record from the Department's systems of records may be disclosed 
to the Federal Bureau of Investigation, the Department of Homeland 
Security, the National Counter-Terrorism Center (NCTC), the Terrorist 
Screening Center (TSC), or other appropriate federal agencies, for the 
integration and use of such information to protect against terrorism, 
if that record is about one or more individuals known, or suspected, to 
be or to have been involved in activities constituting, in preparation 
for, in aid of, or related to terrorism. Such information may be 
further disseminated by recipient agencies to Federal, State, local, 
territorial, tribal, and foreign government authorities, and to support 
private sector processes as contemplated in Homeland Security 
Presidential Directive/HSPD-6 and other relevant laws and directives, 
for terrorist screening, threat-protection and other homeland security 
purposes.

Disclosure When Requesting Information

    A record from this system of records may be disclosed as a 
``routine use'' to a federal, state or local agency maintaining civil, 
criminal or other relevant enforcement information or other pertinent 
information, such as current licenses, if necessary to obtain 
information relevant to an agency decision concerning the hiring or 
retention of an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant or other 
benefit.

Disclosure of Requested Information

    A record from this system of records may be disclosed to a federal 
agency, in response to its request, in connection with the hiring or 
retention of an employee, the issuance of a security clearance, the 
reporting of an investigation of an employee, the letting of a 
contract, or the issuance of a license, grant, or other benefit by the 
requesting agency, to the extent that the information is relevant and 
necessary to the requesting agency's decision on the matter.
    A record from this system of records may be disclosed to a federal, 
state, local or foreign agency as a routine use response to such an 
agency's request, where there is reason to believe that an individual 
has violated the law, whether civil, criminal or regulatory in nature, 
and whether arising by general statute or particular program statute, 
or by regulation, rule or order issued pursuant thereto, if necessary, 
and only to the extent necessary, to enable such agency to discharge 
its responsibilities of investigating or prosecuting such violation or 
its responsibilities with enforcing or implementing the statute, or 
rule, regulation or order issued pursuant thereto.
    A record from this system of records may be disclosed to a foreign 
agency as a routine response to such an agency's

[[Page 40651]]

request when the information is necessary for the foreign agency to 
adjudicate and determine an individual's entitlement to rights and 
benefits, or obligations owed to the foreign agency, such as 
information necessary to establish identity or nationality.

Office of Management and Budget

    The information contained in this system of records will be 
disclosed to the Office of Management and Budget in connection with 
review of private relief legislation, as set forth in OMB Circular No. 
A-19, at any stage of the legislative coordination and clearance 
process as set forth in that Circular.

Members of Congress

    Disclosure may be made to a congressional office from the record of 
an individual in response to an inquiry from the Congressional office 
made at the request of that individual.

Contractors

    Information from a system of records may be disclosed to anyone who 
is under contract to the Department of State to fulfill an agency 
function but only to the extent necessary to fulfill that function.

Courts

    Information from a system of records may be made available to any 
court of competent jurisdiction, whether Federal, state, local or 
foreign, when necessary for the litigation and adjudication of a case 
involving an individual who is the subject of a Departmental record.

National Archives, General Services Administration

    A record from a system of records may be disclosed as a routine use 
to the National Archives and Records Administration and the General 
Services Administration: For records management inspections, surveys 
and studies; following transfer to a Federal records center for 
storage; and to determine whether such records have sufficient 
historical or other value to warrant accessioning into the National 
Archives of the United States.

Department of Justice

    A record may be disclosed as a routine use to any component of the 
Department of Justice, including United States Attorneys, for the 
purpose of representing the Department of State or any officer or 
employee of the Department of State in pending or potential litigation 
to which the record is pertinent.

Persons or Entities in Response to an Actual or Suspected Compromise or 
Breach of Personally Identifiable Information

    To appropriate agencies, entities, and persons when (1) the 
Department of State suspects or has confirmed that the security or 
confidentiality of information in the system of records has been 
compromised; (2) the Department has determined that as a result of the 
suspected or confirmed compromise there is a risk of harm to economic 
or property interests, identity theft or fraud, or harm to the security 
or integrity of this system or other systems or programs (whether 
maintained by the Department or another agency or entity) that rely 
upon the compromised information; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with the Department's efforts to respond to the suspected or 
confirmed compromise and prevent, minimize, or remedy such harm.

[FR Doc. E8-16159 Filed 7-14-08; 8:45 am]
BILLING CODE 4710-24-P