[Federal Register: April 11, 2008 (Volume 73, Number 71)]
[Rules and Regulations]
[Page 19747-19748]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr11ap08-4]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF VETERANS AFFAIRS
38 CFR Part 75
RIN 2900-AM63
Data Breaches
AGENCY: Department of Veterans Affairs.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: This document adopts, without change, the interim final rule
that was published in the Federal Register on June 22, 2007, addressing
data breaches of sensitive personal information that is processed or
maintained by the Department of Veterans Affairs (VA). This final rule
implements certain provisions of the Veterans Benefits, Health Care,
and Information Technology Act of 2006. The regulations prescribe the
mechanisms for taking action in response to a data breach of sensitive
personal information.
DATES: Effective Date: April 11, 2008.
FOR FURTHER INFORMATION CONTACT: Jonelle Lewis, Office of Information
Protection and Risk Management (005R), U.S. Department of Veterans
Affairs, 810 Vermont Avenue, NW., Washington, DC 20420. Telephone:
(202) 461-6400. This is not a toll-free number.
SUPPLEMENTARY INFORMATION: On June 22, 2007, VA published an interim
final rule in the Federal Register (72 FR 34395). The interim final
rule addressed data breaches of sensitive personal information that is
processed or maintained by VA. This final rule implements 38 U.S.C.
5724 and 5727, which were enacted as part of Title IX of Public Law
109-461, the Veterans Benefits, Health Care, and Information Technology
Act of 2006.
We provided a 60-day comment period that ended August 21, 2007. We
received no comments. Based on the rationale set forth in the interim
final rule, we adopt the provisions of the interim final rule as a
final rule without any changes.
Administrative Procedure Act
This document, without change, affirms the amendment made by the
interim final rule that is already in effect. The Secretary of Veterans
Affairs concluded that, under 5 U.S.C. 553, there was good cause to
dispense with the opportunity for prior comment with respect to this
rule. The Secretary found that it was unnecessary to delay this
regulation for the purpose of soliciting prior public comment based on
the statutory mandate in 38 U.S.C. 5724 to publish the amendment as an
interim final rule. Nevertheless, the Secretary invited public comment
on the interim final rule but did not receive any comments.
Executive Order 12866
Executive Order 12866 directs agencies to assess all costs and
benefits of available regulatory alternatives and, when regulation is
necessary, to select regulatory approaches that maximize net benefits
(including potential economic, environmental, public health and safety,
and other advantages; distributive impacts; and equity). The Executive
Order classifies a "significant regulatory action," requiring review
by the Office of Management and Budget (OMB), as any regulatory action
that is likely to result in a rule that may: (1) Have an annual effect
on the economy of $100 million or more or adversely affect in a
material way the economy, a sector of the economy, productivity,
competition, jobs, the environment, public health or safety, or State,
local, or tribal governments or communities; (2) create a serious
inconsistency or otherwise interfere with an action taken or planned by
another agency; (3) materially alter the budgetary impact of
entitlements, grants, user fees, or loan programs or the rights and
obligations of recipients thereof; or (4) raise novel legal or policy
issues arising out of legal mandates, the President's priorities, or
the principles set forth in the Executive Order.
The economic, interagency, budgetary, legal, and policy
implications of this rule have been examined and it has been determined
to be a significant regulatory action under the Executive Order because
it is likely to result in a rule that may raise novel legal or policy
issues arising out of legal mandates, the President's priorities, or
the principles set forth in the Executive Order.
Unfunded Mandates
The Unfunded Mandates Reform Act of 1995 requires, at 2 U.S.C.
1532, that agencies prepare an assessment of anticipated costs and
benefits before issuing any rule that may result in expenditure by
State, local, and tribal governments, in the aggregate, or by the
private sector, of $100 million or more (adjusted annually for
inflation) in any
given year. This rule would have no such effect on State, local, and
tribal governments or the private sector.
Paperwork Reduction Act
This document contains no provisions constituting a collection of
information under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-3521).
Regulatory Flexibility Act
The provisions of the Regulatory Flexibility Act (5 U.S.C. 601-612)
do not apply to this interim final rule because the provisions of 38
U.S.C. 5724 require that this document be promulgated as an interim
final rule, and, consequently, a notice of proposed rulemaking was not
required for the rule. 5 U.S.C. 603-604.
Catalog of Federal Domestic Assistance Numbers
There are no Catalog of Federal Domestic Assistance numbers and
titles for this rule.
List of Subjects in 38 CFR Part 75
Administrative practice and procedure, Credit monitoring, Data
breach, Data breach analysis, Data mining, Fraud alerts, Identity theft
insurance, Information, Notification, Risk analysis, Security measures.
Approved: April 4, 2008.
Gordon H. Mansfield,
Deputy Secretary of Veterans Affairs.
PART 75--INFORMATION SECURITY MATTERS
Accordingly, the interim final rule establishing 38 CFR part 75
that was published in the Federal Register at 72 FR 34395 on June 22,
2007, is adopted as a final rule without changes.
[FR Doc. E8-7726 Filed 4-10-08; 8:45 am]
BILLING CODE 8320-01-P