[Federal Register Volume 73, Number 177 (Thursday, September 11, 2008)]
[Notices]
[Pages 52833-52834]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-21116]


-----------------------------------------------------------------------

COMMODITY FUTURES TRADING COMMISSION


Privacy Act of 1974; System of Records

AGENCY: Commodity Futures Trading Commission (CFTC).

ACTION: Proposed routine use; request for public comment.

-----------------------------------------------------------------------

SUMMARY: The CFTC proposes to adopt a new routine use that would permit 
disclosure of CFTC records governed by the Privacy Act when reasonably 
necessary to respond and prevent, minimize, or remedy harm that may 
result from an agency data breach or compromise.

DATES: The deadline for public comments is October 14, 2008. Comments 
received after that date will be considered at the CFTC's discretion.

ADDRESSES: Interested parties are invited to submit written comments. 
Reference should be made to ``Privacy Act of 1974; System of Records.'' 
Comments should be mailed or delivered to: Commodity Futures Trading 
Commission, 1155 21st Street, NW., Washington, DC 20581, Attention: 
Office of the Secretariat. Comments may be sent by facsimile to 
202.418.5521, or by e-mail to [email protected].

FOR FURTHER INFORMATION CONTACT: Gail Scott, Attorney, CFTC, Office of 
General Counsel, 1155 21st Street, NW., Washington, DC 20581, 202-418-
5139, [email protected].

SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974, 
5 U.S.C. 552a, and as recommended in the Office of Management and 
Budget Memorandum M-07-16 (Attachment 2), this document provides public 
notice that the CFTC is proposing to adopt a new ``routine use'' that 
will apply to all CFTC records systems covered by the Privacy Act of 
1974. The Act applies to agency systems of records about individuals 
that the agency maintains and retrieves by name or other personal 
identifier, such as its personnel and payroll systems and certain other 
CFTC records systems. A list of the agency's current Privacy Act 
systems of records can be viewed on the CFTC's Web site at: http://www.cftc.gov/lawandregulation/federalregister/systemsofrecords/index.htm. The new routine use would be added to the section General 
Statement of Routine Uses, which describes routine uses that apply 
globally to all CFTC Privacy Act records systems.
    This new routine use is needed in order to allow for disclosure of 
records to appropriate persons and entities for purposes of response 
and remedial efforts in the event of a breach of data contained in the 
protected systems. This routine use will facilitate an effective 
response to a confirmed or suspected breach by allowing for disclosure 
to individuals affected by the breach, in cases, if any, where such 
disclosure is not otherwise authorized under the Act. This routine use 
will also authorize disclosures to others who are in a position to 
assist in response efforts, either by assisting in notification to 
affected individuals or otherwise playing a role in preventing, 
minimizing, or remedying harms from the breach.
    The Privacy Act authorizes the agency to adopt routine uses that 
are consistent with the purpose for which information is collected and 
subject to that Act. 5 U.S.C. 552a(b)(3); see also 5 U.S.C. 552a(a)(7). 
The CFTC believes that it is consistent with the collection of 
information pertaining to such individuals to disclose Privacy Act 
records when, in doing so, it will help prevent, minimize or remedy a 
data breach or compromise that may affect such individuals. By 
contrast, the CFTC believes that failure to take reasonable

[[Page 52834]]

steps to help prevent, minimize the harm that may result from such a 
breach or compromise would jeopardize, rather than promote, the privacy 
of such individuals. Accordingly, the Commission concludes that it is 
authorized under the Privacy Act to adopt a routine use permitting 
disclosure of Privacy Act records for such purposes.
    In accordance with the Privacy Act, see 5 U.S.C. 552a(e)(4) and 
(11), the CFTC is publishing notice of this routine use and giving the 
public a 30-day period to comment before adopting it as final. The CFTC 
is also providing at least 40 days advance notice of this proposed 
system notice amendment to OMB and the Congress, as required by the 
Act, 5 U.S.C. 552a(r), and OMB Circular A-130, Revised, Appendix I. We 
note that the text of this routine use is taken from the routine use 
that has already been published in final form by the Department of 
Justice after public comment. See 72 FR 3410 (Jan. 25, 2007). 
Similarly, after taking into account comments, if any, received by the 
CFTC, the CFTC intends to publish its proposed routine use as final 
after the period for OMB and Congressional review is complete, 
including whatever revisions may be deemed appropriate or necessary, if 
any.
    Accordingly, the CFTC hereby proposes to amend the section General 
Statement of Routine Uses of its Privacy Act system notices, as 
published at 66 FR 41842, by adding the following new routine use at 
the end of the existing routine uses set forth in that Appendix:
* * * * *
    To appropriate agencies, entities, and persons when (1) the CFTC 
suspects or has confirmed that the security or confidentiality of 
information in the system of records has been compromised; (2) the CFTC 
has determined that as a result of the suspected or confirmed 
compromise there is a risk of harm to economic or property interests, 
identity theft or fraud, or harm to the security or integrity of this 
system or other systems or programs (whether maintained by the CFTC or 
another agency or entity) that rely upon the compromised information; 
and (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with the CFTC's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.

    By direction of the Commission on September 8, 2008.
David A. Stawick,
Secretary of the Commission.
[FR Doc. E8-21116 Filed 9-10-08; 8:45 am]
BILLING CODE 6351-01-P