Privacy Act of 1974; New Blanket Routine Use

AGENCY:

Occupational Safety and Health Review Commission.

ACTION:

Notice of New Blanket Routine Use.

SUMMARY:

In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, as amended, the Occupational Safety and Health Review Commission (OSHRC) is proposing in this notice the addition of a new blanket routine use. OSHRC's Privacy Act system-of-records notices are published in full at 72 FR 54301, 54301-03 (Sept. 24, 2007), and 71 FR 19556, 19556-67 (Apr. 14, 2006).

DATES:

Comments must be received by OSHRC on or before September 15, 2008. The new blanket routine use will become effective on that date, without any further notice in the Federal Register, unless comments or government approval procedures necessitate otherwise.

ADDRESSES:

You may submit comments by any of the following methods:

• E-mail: regsdocket@oshrc.gov. Include “PRIVACY ACT BLANKET ROUTINE USE” in the subject line of the message.
• Fax: (202) 606-5417.
• Mail: One Lafayette Centre, 1120 20th Street, NW., Ninth Floor, Washington, DC 20036-3457.
• Hand Delivery/Courier: Same as mailing address.

Instructions: All submissions must include your name, return address and e-mail address, if applicable. Please clearly label submissions as “PRIVACY ACT BLANKET ROUTINE USE.” If you submit comments by e-mail, you will receive an automatic confirmation e-mail from the system indicating that we have received your submission. If, in response to your comment submitted via e-mail, you do not receive a confirmation e-mail within five working days, contact us directly at (202) 606-5410.

FOR FURTHER INFORMATION CONTACT:

Ron Bailey, Attorney-Advisor, Office of the General Counsel, via telephone at (202) 606-5410, or via e-mail at rbailey@oshrc.gov.

SUPPLEMENTARY INFORMATION:

The Privacy Act of 1974, 5 U.S.C. 552a(e)(4) and (11), requires OSHRC to publish in the Federal Register notice of any new routine use of an OSHRC system of records, and to provide an opportunity for interested persons to submit written data, views, or arguments to the agency. As detailed below, OSHRC is proposing the addition of one new blanket routine use.

On May 22, 2007, the Office of Management and Budget (“OMB”) issued a memorandum for the heads of Executive Departments and Agencies entitled “Safeguarding Against and Responding to the Breach of Personally Identifiable Information.” OMB directed agencies to develop and publish a routine use for disclosure of information in connection with response and remedial efforts in the event of a data breach. Therefore, OSHRC is adding a new blanket routine use that, in the event of a data breach, authorizes OSHRC to disclose relevant information to appropriate agencies, entities, and persons. This routine use will serve to protect the interests of any individual affected by a breach because it will enable OSHRC to take the steps necessary to facilitate a timely and effective response to the breach, thereby improving its ability to prevent, minimize, or remedy any harm resulting from a compromise of data maintained in its systems of records.

OSHRC's proposed blanket routine use is published below. The first ten blanket routine uses, which remain in effect, were last published in full text on April 14, 2006 at 71 FR 19556, 19558-59.

Blanket Routine Uses

(11) A record from an OSHRC system of records may be disclosed as a blanket routine use to appropriate agencies, entities, and persons when:

(a) OSHRC suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; and

(b) OSHRC has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by OSHRC or another agency or entity) that rely upon the compromised information; and

(c) The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with OSHRC's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.