SUMMARY:

The Peace Corps proposes to adopt a new routine use that would permit disclosure of Peace Corps records governed by the Privacy Act when reasonably necessary to respond to, prevent, minimize, or remedy, harm that may result from an agency data breach or compromise.

DATES:

The deadline for public comments is September 24, 2007. Comments received after that date will be considered at the Peace Corps' discretion.

ADDRESSES:

You may submit comments by e-mail to sglasow@peacecorps.gov. Include Privacy Act System of Records Routine Use in the subject line of the message. You may also submit comments by mail to Suzanne Glasow, Office of the General Counsel, Peace Corps, Suite 8200, 1111 20th Street, NW., Washington, DC 20526. Contact Suzanne Glasow for copies of comments.

FOR FURTHER INFORMATION CONTACT:

Suzanne Glasow, Associate General Counsel, 202-692-2150, sglasow@peacecorps.gov.

SUPPLEMENTARY INFORMATION:

In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, this document provides public notice that the Peace Corps is proposing to adopt a new “routine use” that will apply to all Peace Corps records systems covered by the Privacy Act of 1974. The Act applies to agency systems of records identified in the list below (including number of system, system name, volume number in the Federal Register, and the date(s) of publication). The new routine use would be added to the list of General Routine Uses, which describes routine uses that apply to all Peace Corps Privacy Act records systems listed below.

This new routine use is needed in order to allow for disclosure of records to appropriate persons and entities for purposes of response and remedial efforts in the event of a breach of data contained in the protected systems. This routine use will facilitate an effective response to a confirmed or suspected breach by allowing for disclosure to individuals affected by the breach, in cases, if any, where such disclosure is not otherwise authorized under the Act. This routine use will also authorize disclosures to others who are in a position to assist in response efforts, either by assisting in notification to affected individuals or otherwise playing a role in preventing, minimizing, or remedying harms from the breach.

The Privacy Act authorizes the agency to adopt routine uses that are consistent with the purpose for which information is collected and subject to that Act. 5 U.S.C. 552a(b)(3); see also 5 U.S.C. 552a(a)(7). The Peace Corps believes that it is consistent with the collection of information pertaining to such individuals to disclose Privacy Act records when, in doing so, it will help prevent, minimize or remedy a data breach or compromise that may affect such individuals. The Peace Corps believes that failure to take reasonable steps to help prevent or minimize the harm that may result from such a breach or compromise would jeopardize, rather than promote, the privacy of such individuals. Accordingly, the Peace Corps concludes that it is authorized under the Privacy Act to adopt a routine use permitting disclosure of Privacy Act records for such purposes.

In accordance with the Privacy Act, see 5 U.S.C. 552a(e)(4) and (11), the Peace Corps is publishing notice of this routine use and giving the public a 30-day period to comment before adopting it as final. The Peace Corps is also providing at least 40 days advance notice of this proposed system notice amendment to OMB and the Congress, as required by the Act, 5 U.S.C. 552a(r), and OMB Circular A-130, Revised, Appendix I. We note that the text of this routine use is taken from the routine use that has already been published in final form by the Department of Justice and the Federal Trade Commission after public comment. See 72 FR 3410 (Jan. 25, 2007); 72 FR 31835 (June 8, 2007). Similarly, after taking into account Start Printed Page 44880comments, if any, received by the Peace Corps, the Peace Corps intends to publish its proposed routine use as final after the period for OMB and Congressional review is complete.

Accordingly, the Peace Corps hereby proposes to amend General Routine Uses of its Privacy Act system notices, as published at 65 FR 53,772 (September 5, 2000), by adding the following new routine use:

General Routine Use M: To all appropriate agencies, entities, and persons when (1) The Peace Corps suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) the Peace Corps has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Peace Corps or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Peace Corps' efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.