AGENCY:

Defense Nuclear Facilities Safety Board (Board).

ACTION:

Notice of revision of routine uses of Privacy Act systems of records.

SUMMARY:

Each Federal agency is required by the Privacy Act of 1974, 5 U.S.C. 552a, to publish a description of the systems of records containing personal information defined by the Act. In this notice, the Board updates the routine uses to all systems of records as required by the Office of Management and Budget Memorandum, M-07-16, dated May 22, 2007, entitled “Safeguarding Against and Responding to the Breach of Personally Identifiable Information.” This new routine use enables the Board to quickly and effectively respond to a breach of personally identifiable information through disclosure of information regarding the breach to those individuals affected by it, as well as to persons and entities in a position to cooperate, either by assisting in notification to the affected individuals or playing a role in preventing or minimizing harms from the breach.

FOR FURTHER INFORMATION CONTACT:

Richard A. Azzaro, General Counsel, Defense Nuclear Facilities Safety Board, 625 Indiana Avenue, NW., Suite 700, Washington, DC 20004, (202) 694-7000, mailbox@dnfsb.gov.

SUPPLEMENTARY INFORMATION:

The Board adds the following paragraph to each of its eight systems of records, under the section entitled, “Routine Uses of Records Maintained in the System, Including Categories of Users and the Purpose of Such Uses:” The Board will disclose information to appropriate agencies, entities, and persons when the Board (1) Suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) determines that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Board or another agency or entity) that rely upon the compromised information; and (3) deems the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Board's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.