Proposed Addition of a Routine Use to NSF Systems of Records

Authority: 44 U.S.C. 3101 and 42 U.S.C. 1870; OMB Memorandum M-07-16, “Safeguarding Against and Responding to the Breach of Personally Identifiable Information.”

ACTION:

Notice of alteration to existing Privacy Act systems of records.

SUMMARY:

In accordance with the requirements of the Privacy Act of 1974, as amended, the National Science Foundation is altering its existing systems of records in accordance with OMB Memorandum M-07-16, “Safeguarding Against and Responding to the Breach of Personally Identifiable Information.” M-07-16 calls on agencies to publish a routine use for appropriate systems specifically applying to the disclosure of information in connection with response and remedial efforts in the event of a data breach.

A Federal agency's ability to respond quickly and effectively in the event of a breach of Federal data is critical to its efforts to prevent or minimize any consequent harm. An effective response may necessitate disclosure of information regarding the breach to those individuals affected by it, as well as to persons and entities in a position to cooperate, either by assisting in notification to affected individuals or playing a role in preventing or minimizing harms from the breach.

The information to be disclosed to such persons and entities may be subject to the Privacy Act, 5 U.S.C. 552a. The Privacy Act prohibits the disclosure of any record in a system of records absent the written consent of the subject individual, unless the disclosure falls within one of the twelve statutory exceptions, including a routine use, 5 U.S.C. 552a(b)(3).

As described in the President's Identity Theft Task Force's Strategic Plan, all agencies should publish a routine use for their systems of records allowing for the disclosure of information in the course of responding to a breach of Federal data. See Appendix B of the Identity Theft Task Force report ( http://www.identity theft.gov/reports/StrategicPlan.pdf). Such a routine use will serve to protect the interests of the individuals whose information is at issue by allowing agencies to take appropriate steps to facilitate a timely and effective response, thereby improving their ability to prevent, minimize, or remedy any harm resulting from a compromise of data maintained in their systems of records.

Accordingly, NSF proposes to add the following routine use to each of its Systems of Records Notices listed below:

To appropriate agencies, entities, and persons when (1) the NSF suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) the NSF has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the NSF or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the NSF's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

DATES:

Submit comments on or before August 30, 2007. The proposed altered systems will become effective on September 30, 2007.

ADDRESSES:

Send comments to Leslie Jensen, National Science Foundation, Office of the General Counsel, Room 1265, 4201 Wilson Boulevard, Arlington, Virginia 22230 or by electronic mail (e-mail) to: ljensen@nsf.gov.

SUPPLEMENTARY INFORMATION:

This publication is in accordance with the Privacy Act requirement that agencies publish their amended systems of records in the Federal Register when there is a revision, change, or addition. NSF's Office of the General Counsel (OGC) has reviewed its Systems of Records notice and has determined that its records systems notices must be revised to incorporate the change described herein. As required by 5 U.S.C. 552a(R) and Appendix I to OMB Circular A-130, “Federal Agency Responsibilities for Maintaining Records about Individuals,” dated November 30, 2000, a report of an altered system of records has been submitted to the Committee on Government Reform of the House of Representatives, the Committee on Homeland Security and Governmental Affairs of the Senate, and the Office of Management and Budget.

Submit comments as an ASCII file avoiding the use of special characters and any form of encryption. Identify all comments sent in electronic E-mail with Subject Line: Comments on proposed changes to Privacy Act SORNs.

FOR FURTHER INFORMATION CONTACT:

Leslie Jensen (703) 292-5065.

System Names:

NSF-3 Application and Account for Advance of Funds

NSF-6 Doctorate Records File

NSF-8 Employee Grievance Files

NSF-10 Employee's Payroll Jacket

NSF-12 Fellowships and Other Awards

NSF-13 Fellowship Payroll

NSF-16 Individual Retirement Record (SF-2806)

NSF-18 Integrated Personnel System (IPERS)

NSF-19 Medical Examination Records for Service in the Polar Regions

NSF-22 NSF Payroll System

NSF-23 NSF Staff Biography

NSF-24 Official Passports

NSF-26 Personnel Security

NSF-34 Integrated Time and Attendance System (ITAS)

NSF-36 Personnel Tracking System (Antarctic)

NSF-38 Visa Applications and Alien Application for Consideration of Waiver of Two-Year Foreign Residence Requirements—NSF

NSF-43 Doctorate Work History File

NSF-48 Telephone Call Detail Program Records

NSF-49 Frequent Traveler Profile

NSF-50 Principal Investigator/Proposal File & Associated Records

NSF-51 Reviewer/Proposal File & Associated Records

NSF-52 Office of Inspector General Investigative Files

NSF-53 Public Transportation Subsidy Program

NSF-54 Reviewer/Fellowship & Other Award File & All Associated Records

NSF-55 Debarment/Scientific Misconduct Files

NSF-56 Antarctic Conservation Act Files

NSF-57 Delinquent Debtors File

NSF-59 Science & Technology Centers (STC) Database

NSF-60 Antarctica Service Records

NSF-61 Diving Safety Records (Polar Regions)

NSF-62 Radiation Safety Records (Polar Regions)

NSF-63 Accident & Injury Reports (Antarctic)

NSF-64 Project Participant File

NSF-65 NSF Electronic Payment File

NSF-66 NSF Photo Identification Card System

NSF-67 Invention, Patent & Licensing Documents

NSF-68 Project Results Information Database

NSF-69 Education and Training Records Files

NSF-70 NSF Visitor Credentials System

NSF-71 General Correspondence Files