[Federal Register Volume 72, Number 60 (Thursday, March 29, 2007)]
[Notices]
[Pages 14814-14815]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E7-5821]
-----------------------------------------------------------------------
FEDERAL TRADE COMMISSION
Privacy Act of 1974; System of Records
AGENCY: Federal Trade Commission (FTC).
ACTION: Proposed routine use; request for public comment.
-----------------------------------------------------------------------
SUMMARY: The FTC proposes to adopt a new routine use that would permit
disclosure of FTC records governed by the Privacy Act when reasonably
necessary to respond and prevent, minimize, or remedy harm that may
result from an agency data breach or compromise.
DATES: The deadline for public comments is April 30, 2007. Comments
received after that date will be considered at the FTC's discretion.
ADDRESSES: Interested parties are invited to submit written comments.
Comments should refer to ``Privacy Act of 1974; System of Records: FTC
File No. P072104'' to facilitate the organization of comments. A
comment filed in paper form should include this reference both in the
text and on the envelope and should be mailed or delivered, with two
complete copies, to the following address: Federal Trade Commission,
Room H-135 (Annex H), 600 Pennsylvania Ave., NW., Washington, DC 20580.
The FTC is requesting that any comment filed in paper form be sent by
courier or overnight service, if possible, because U.S. postal mail in
the Washington area and at the Commission is subject to delay due to
heightened security precautions. Moreover, because paper mail in the
Washington area and at the Commission is subject to delay, please
consider submitting your comments in electronic form, as prescribed
below. However, if the comment contains any material for which
confidential treatment is requested, it must be filed in paper form,
and the first page of the document must be clearly labeled
``Confidential.'' \1\
---------------------------------------------------------------------------
\1\ Commission Rule 4.2(d), 16 CFR 4.2(d). The comment must be
accompanied by an explicit request for confidential treatment,
including the factual and legal basis for the request, and must
identify the specific portions of the comment to be withheld from
the public record. The request will be granted or denied by the
Commission's General Counsel, consistent with applicable law and the
public interest. See Commission Rule 4.9(c), 16 CFR 4.9(c).
---------------------------------------------------------------------------
Comments filed in electronic form should be submitted by following
the instructions on the web-based form at https://secure.commentworks.com/PrivacyAct1974. To ensure that the Commission
considers an electronic comment, you must file it on the web-based form
at the https://secure.commentworks.com/PrivacyAct1974 weblink. If this
notice appears at www.regulations.gov, you may also file an electronic
comment through that Web site. The Commission will consider all
comments that regulations.gov forwards to it.
The FTC Act and other laws the Commission administers permit the
collection of public comments to consider and use in this matter as
appropriate. All timely and responsive public comments will be
considered by the Commission and will be available to the public on the
FTC Web site, to the extent practicable, at www.ftc.gov. As a matter of
discretion, the FTC makes every effort to remove home contact
information for individuals from the public comments it receives before
placing those comments on the FTC Web site. More information, including
routine uses permitted by the Privacy Act, may be found in the FTC's
privacy policy at http://www.ftc.gov/ftc/privacy.htm.
FOR FURTHER INFORMATION CONTACT: Alex Tang, Attorney, FTC, Office of
General
[[Page 14815]]
Counsel, 600 Pennsylvania Ave. NW, Washington, DC 20580, 202-326-2447,
[email protected].
SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974,
5 U.S.C. 552a, this document provides public notice that the FTC is
proposing to adopt a new ``routine use'' that will apply to all FTC
records systems covered by the Privacy Act of 1974. The Act applies to
agency systems of records about individuals that the agency maintains
and retrieves by name or other personal identifier, such as its
personnel and payroll systems and certain other FTC records systems. A
list of the agency's current Privacy Act records systems can be viewed
on the FTC's Web site at: http://www.ftc.gov/foia/listofpasystems.htm.
The new routine use would be added to Appendix 1, which describes
routine uses that apply globally to all FTC Privacy Act records
systems. See 57 FR 45678 (1992), http://www.ftc.gov/foia/sysnot/appendix1.pdf.
This new routine use is needed in order to allow for disclosure of
records to appropriate persons and entities for purposes of response
and remedial efforts in the event of a breach of data contained in the
protected systems. This routine use will facilitate an effective
response to a confirmed or suspected breach by allowing for disclosure
to individuals affected by the breach, in cases, if any, where such
disclosure is not otherwise authorized under the Act. This routine use
will also authorize disclosures to others who are in a position to
assist in response efforts, either by assisting in notification to
affected individuals or otherwise playing a role in preventing,
minimizing, or remedying harms from the breach.
The Privacy Act authorizes the agency to adopt routine uses that
are consistent with the purpose for which information is collected and
subject to that Act. 5 U.S.C. 552a(b)(3); see also 5 U.S.C. 552a(a)(7).
The FTC believes that it is consistent with the collection of
information pertaining to such individuals to disclose Privacy Act
records when, in doing so, it will help prevent, minimize or remedy a
data breach or compromise that may affect such individuals. By
contrast, the FTC believes that failure to take reasonable steps to
help prevent, minimize the harm that may result from such a breach or
compromise would jeopardize, rather than promote, the privacy of such
individuals. Accordingly, the Commission concludes that it is
authorized under the Privacy Act to adopt a routine use permitting
disclosure of Privacy Act records for such purposes.
In accordance with the Privacy Act, see 5 U.S.C. 552a(e)(4) and
(11), the FTC is publishing notice of this routine use and giving the
public a 30-day period to comment before adopting it as final. The FTC
is also providing at least 40 days advance notice of this proposed
system notice amendment to OMB and the Congress, as required by the
Act, 5 U.S.C. 552a(r), and OMB Circular A-130, Revised, Appendix I. We
note that the text of this routine use is taken from the routine use
that has already been published in final form by the Department of
Justice after public comment. See 72 FR 3410 (Jan. 25, 2007).
Similarly, after taking into account comments, if any, received by the
FTC, the FTC intends to publish its proposed routine use as final after
the period for OMB and Congressional review is complete, including
whatever revisions may be deemed appropriate or necessary, if any.
Accordingly, the FTC hereby proposes to amend Appendix 1 of its
Privacy Act system notices, as published at 57 FR 45678, by adding the
following new routine use at the end of the existing routine uses set
forth in that Appendix:
* * * * *
To appropriate agencies, entities, and persons when (1) the FTC
suspects or has confirmed that the security or confidentiality of
information in the system of records has been compromised; (2) the FTC
has determined that as a result of the suspected or confirmed
compromise there is a risk of harm to economic or property interests,
identity theft or fraud, or harm to the security or integrity of this
system or other systems or programs (whether maintained by the FTC or
another agency or entity) that rely upon the compromised information;
and (3) the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with the FTC's efforts to
respond to the suspected or confirmed compromise and prevent, minimize,
or remedy such harm.
By direction of the Commission.
Donald S. Clark,
Secretary.
[FR Doc. E7-5821 Filed 3-28-07; 8:45 am]
BILLING CODE 6750-01-P