Notices. Notice and request for comments

5,349 words·~24 min read·/register/2007/06/08/07-2861·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

BILLING CODE 4810-35-P; 7535-01-P; 6210-01-P; 6714-01-P; 6720-01-P FEDERAL MARITIME COMMISSION Agency Information Collection Activities: Proposed Collection; Comment Request AGENCY: Federal Maritime Commission. ACTION: Notice and request for comments. SUMMARY: In accordance with the Paperwork Reduction Act of 1995 and the Office of Management and Budget (“OMB”) regulations, the Federal Maritime Commission is announcing its intention to request a revision of an approved information collection regarding the licensing of ocean transportation intermediaries.

DATES: Comments must be submitted on or before August 7, 2007. ADDRESSES: You may send comments to: Peter J. King, Director, Office of Administration, Federal Maritime Commission, 800 North Capitol Street, NW., Washington, DC 20573, (Telephone:

(202)523-5800), *administration@fmc.gov.* Please reference the information collection's title and OMB number in your comments. FOR FURTHER INFORMATION CONTACT: To obtain additional information, copies of the information collection and instructions, or copies of any comments received, contact Jane Gregory, Management Analyst, Office of Administration, Federal Maritime Commission, 800 North Capitol Street, NW., Washington, DC 20573, (Telephone:

(202)523-5800), *jgregory@fmc.gov.* SUPPLEMENTARY INFORMATION: Request for Comments The Federal Maritime Commission, as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to comment on the revised information collection listed in this notice, as required by the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 *et seq.* ). Comments submitted in response to this notice will be included or summarized in our request for OMB approval of the relevant information collection. All comments are part of the public record and subject to disclosure. Please do not include any confidential or inappropriate material in your comments. We invite comments on:

(1)The necessity and utility of the proposed information collection for the proper performance of the agency's functions;

(2)the accuracy of the estimated burden;

(3)ways to enhance the quality, utility, and clarity of the information to be collected; and

(4)the use of automated collection techniques or other forms of information technology to minimize the information collection burden. Information Collection Open for Comment *Title:* 46 CFR 515—Licensing, Financial Responsibility Requirements and General Duties for Ocean Transportation Intermediaries and Related Forms. *OMB Approval Number:* 3072-0018 (Expires July 31, 2007). *Abstract:* Section 19 of the Shipping Act of 1984 (the “Act”), 46 U.S.C. 40901-40904 (2006), as modified by Public Law 105-258 (The Ocean Shipping Reform Act of 1998) and Section 424 of Public Law 105-383 (The Coast Guard Authorization Act of 1998), provides that no person in the United States may act as an ocean transportation intermediary (“OTI”) unless that person holds a license issued by the Commission. The Commission shall issue an OTI license to any person that the Commission determines to be qualified by experience and character to act as an OTI. Further, no person may act as an OTI unless that person furnishes a bond, proof of insurance or other surety in a form and amount determined by the Commission to ensure financial responsibility. The Commission has implemented the provisions of section 19 in regulations contained in 46 CFR part 515, including financial responsibility forms FMC-48, FMC-67, FMC-68, and FMC-69, Optional Rider Forms FMC-48A and FMC-69A, and its related license application form, FMC-18. *Current Actions:* The Commission intends to revise Form FMC-18, Application for a License as an Ocean Transportation Intermediary. Specifically, language is being added to the Privacy Act Notice regarding voluntary disclosure of the applicant's Social Security Number, and the System of Records citation is being updated. In the Paperwork Reduction Act Notice, the estimated time to prepare an Application is being revised from 1.5 hours per response to 2 hours. Throughout the Application, any reference to the Bureau of Consumer Complaints and Licensing (“BCCL”) has been changed to the Bureau of Certification and Licensing (“BCL”). Also, language has been added to Question 7(2) in Part B, and to Question 13(3) in Part D, allowing applicant or its qualifying individual to disclose whether he/she has “been declared bankrupt, been subject to a tax lien, or had legal judgment rendered for a debt.” In accordance with the Privacy Act of 1974, this would allow the agency, to the greatest extent practicable, to collect information about an applicant that may be used in making a decision with respect to the granting of an OTI license, directly from the applicant. *Type of Review:* Revision of information collection contained in Form FMC-18, Application for a License as an Ocean Transportation Intermediary. *Needs and Uses:* The Commission uses information obtained under 46 CFR part 515 and through Form FMC-18 to determine the qualifications of OTIs and their compliance with shipping statutes and regulations and to enable the Commission to discharge its duties under the Act by ensuring that OTIs maintain acceptable evidence of financial responsibility. If the collection of information were not conducted, there would be no basis upon which the Commission could determine if applicants are qualified for licensing. *Frequency:* This information is collected when applicants apply for a license or when existing licensees change certain information in their application forms. *Type of Respondents:* The respondents are persons desiring to obtain a license to act as an OTI. Under the Act, OTIs may be either an ocean freight forwarder, a non-vessel-operating common carrier, or both. *Number of Annual Respondents:* The Commission estimates a potential annual respondent universe of 4,765 entities. *Estimated Time Per Response:* The time per response for completing Application Form FMC-18 averages 2 hours. The time to complete a financial responsibility form averages 20 minutes. *Total Annual Burden:* The Commission estimates the annual burden for Form FMC-18 to be 1,400 person-hours, and for the financial responsibility forms to be 2,196 hours. The total annual person-hour burden for this collection is estimated to be 3,596 person-hours. Bryant L. VanBrakle, Secretary. [FR Doc. E7-11067 Filed 6-7-07; 8:45 am] BILLING CODE 6730-01-P FEDERAL RESERVE SYSTEM Change in Bank Control Notices; Acquisition of Shares of Bank or Bank Holding Companies The notificants listed below have applied under the Change in Bank Control Act (12 U.S.C. 1817(j)) and § 225.41 of the Board’s Regulation Y (12 CFR 225.41) to acquire a bank or bank holding company. The factors that are considered in acting on the notices are set forth in paragraph 7 of the Act (12 U.S.C. 1817(j)(7)). The notices are available for immediate inspection at the Federal Reserve Bank indicated. The notices also will be available for inspection at the office of the Board of Governors. Interested persons may express their views in writing to the Reserve Bank indicated for that notice or to the offices of the Board of Governors. Comments must be received not later than June 25, 2007. **A. Federal Reserve Bank of St. Louis** (Glenda Wilson, Community Affairs Officer) 411 Locust Street, St. Louis, Missouri 63166-2034: *1. Bennie F. Ryburn, Jr.* , as sole voting trustee of the Bennie F. Ryburn Family Trust; to retain voting shares of Drew Bancshares, Inc., and thereby indirectly retain voting shares of Commercial Bank & Trust Company, all of Monticello, Arkansas. **B. Federal Reserve Bank of Minneapolis** (Jacqueline G. King, Community Affairs Officer) 90 Hennepin Avenue, Minneapolis, Minnesota 55480-0291: *1. William H. Unger* , Sauk Centre, Minnesota, and Alfred P. Minnerath, Starbuck, Minnesota; to acquire control of Sauk Centre Financial Services, Inc., and thereby indirectly acquire control of First National Bank of Sauk Centre, both of Sauk Centre, Minnesota. **C. Federal Reserve Bank of Dallas** (W. Arthur Tribble, Vice President) 2200 North Pearl Street, Dallas, Texas 75201-2272: *1. David E. Locke* , Miami, Texas, Locke M. Carter, Wolfforth, Texas, and Susan Moore Carter Rhoades, Pampa, Texas; to acquire voting shares of Miami Bancshares, Inc., and thereby indirectly acquire voting shares of First State Bank of Miami Texas, both of Miami, Texas. Board of Governors of the Federal Reserve System, June 5, 2007. Robert deV. Frierson, Deputy Secretary of the Board. [FR Doc. E7-11091 Filed 6-7-07; 8:45 am] BILLING CODE 6210-01-S FEDERAL RESERVE SYSTEM Federal Open Market Committee; Domestic Policy Directive of May 9, 2007 In accordance with § 271.25 of its rules regarding availability of information (12 CFR part 271), there is set forth below the domestic policy directive issued by the Federal Open Market Committee at its meeting held on May 9, 2007. 1 1 Copies of the Minutes of the Federal Open Market Committee meeting on May 9, 2007, which includes the domestic policy directive issued at the meeting, are available upon request to the Board of Governors of the Federal Reserve System, Washington, D.C. 20551. The minutes are published in the Federal Reserve Bulletin and in the Board's annual report. The Federal Open Market Committee seeks monetary and financial conditions that will foster price stability and promote sustainable growth in output. To further its long-run objectives, the Committee in the immediate future seeks conditions in reserve markets consistent with maintaining the federal funds rate at an average of around 5 1/4 percent. By order of the Federal Open Market Committee, May 31, 2007. Vincent R. Reinhart, Secretary, Federal Open Market Committee. [FR Doc. E7-11106 Field 6-7-07; 8:45 am] BILLING CODE 6210-01-S FEDERAL TRADE COMMISSION Agency Information Collection Activities; Submission for OMB Review; Comment Request AGENCY: Federal Trade Commission. ACTION: Notice. SUMMARY: The information collection requirements described below will be submitted to the Office of Management and Budget (“OMB”) for review, as required by the Paperwork Reduction Act (“PRA”). The Federal Trade Commission (“FTC” or “Commission”) is seeking public comments on its proposal to extend through June 30, 2010 the current OMB clearance for information collection requirements contained in its Identity Theft Report Definition Rule (“Rule”). That clearance expires on June 30, 2007. DATES: Comments must be filed by July 9, 2007. ADDRESSES: Interested parties are invited to submit written comments. Comments should refer to “IDT Report Rule: FTC Matter No. R411011,” to facilitate the organization of comments. A comment filed in paper form should include this reference both in the text and on the envelope and should be mailed or delivered, with two complete copies, to the following address: Federal Trade Commission, Room H-135 (Annex J), 600 Pennsylvania Ave., N.W., Washington, D.C. 20580. Because paper mail in the Washington area and at the Commission is subject to delay, please consider submitting your comments in electronic form, as prescribed below. However, if the comment contains any material for which confidential treatment is requested, it must be filed in paper form, and the first page of the document must be clearly labeled “Confidential.” 1 1 Commission Rule 4.2(d), 16 CFR 4.2(d). The comment must be accompanied by an explicit request for confidential treatment, including the factual and legal basis for the request, and must identify the specific portions of the comment to be withheld from the public record. The request will be granted or denied by the Commission's General Counsel, consistent with applicable law and the public interest. *See* Commission Rule 4.9(c), 16 CFR 4.9(c). Comments filed in electronic form should be submitted by following the instructions on the web-based form at *https://secure.commentworks.com/ftc-IDTReportRule* . To ensure that the Commission considers an electronic comment, you must file it on the web-based form at the *https://secure.commentworks.com/ftc-IDTReportRule* weblink. If this notice appears at *www.regulations.gov* , you may also file an electronic comment through that website. The Commission will consider all comments that regulations.gov forwards to it. Comments also should be submitted to: Office of Management and Budget, ATTN: Desk Officer for the Federal Trade Commission. Comments should be submitted by facsimile to

(202)395- 6974 because U.S. Postal Mail is subject to lengthy delays due to heightened security precautions. The FTC Act and other laws the Commission administers permit the collection of public comments to consider and use in this proceeding as appropriate. All timely and responsive public comments will be considered by the Commission and will be available to the public on the FTC website, to the extent practicable, at *www.ftc.gov* . As a matter of discretion, the FTC makes every effort to remove home contact information for individuals from the public comments it receives before placing those comments on the FTC website. More information, including routine uses permitted by the Privacy Act, may be found in the FTC’s privacy policy at *http://www.ftc.gov/ftc/privacy.htm* . FOR FURTHER INFORMATION CONTACT: Requests for additional information should be addressed to Kristin Krause Cohen, Attorney, Division of Privacy and Identity Protection, Bureau of Consumer Protection, Federal Trade Commission, 600 Pennsylvania Avenue, N.W., Washington, DC 20580,

(202)326-2252. SUPPLEMENTARY INFORMATION: On March 29, 2007, the FTC sought public comments on its proposal to extend through June 30, 2010 its current OMB clearance for information collection contained in the Rule. See 72 FR 14810. No comments were received. Pursuant to the OMB regulations, 5 CFR Part 1320, that implement the PRA, 44 U.S.C. 3501-3520, the FTC is providing this second opportunity for public comment while seeking OMB approval to extend the existing paperwork clearance for the Rule. All comments should be filed as prescribed in the ADDRESSES section above, and must be received on or before July 9, 2007. The Identity Theft Report Definition Rule, 16 CFR Part 603, was promulgated pursuant to the Fair and Accurate Credit Transactions Act of 2003 (“FACT Act” or the “Act”), Pub.L. 108-159 (December 4, 2003), amending the Fair Credit Reporting Act, which established requirements for consumer reporting agencies, creditors, and others to help remedy problems associated with identity theft. Under the Act, an individual can mitigate a number of specific harms resulting from identity theft by providing an identity theft report to consumer reporting agencies and information furnishers. For example, with an identity theft report, an identity theft victim can obtain a seven year fraud alert or seek to block fraudulent information on their credit report. Pursuant to the FACT Act, the Rule defined the term “identity theft report,” 16 CFR 603.3, and became effective on December 1, 2004. Burden statement: Staff anticipates that, as both individuals and police departments become increasingly aware of the benefits of obtaining an “identity theft report” under the Act, the number of individuals who ultimately obtain an identity theft report will likely increase because the Rule facilitates a victim’s ability to file a law enforcement report. To estimate that increase and associated effect on paperwork burden, staff has drawn from publicly available survey results that quantify:

(a)how many individuals are victimized annually by identity theft; and

(b)the frequency in which consumers file related identity theft reports with law enforcement agencies and other third-parties. In a survey prepared for the Commission by Synovate and issued in September 2003, *Federal Trade Commission—Identity Theft Survey Report* (Synovate Survey Report), 2 Synovate stated that there are 9.91 million individuals victimized by identity theft each year. 3 More recent public data, however, states that in 2006, the number of domestic consumer victims of identity theft totaled 8.9 million, 4 and staff will apply this latter amount to its projections of increased consumer use of identity theft reports. 2 *See* Synovate Survey Report at *http://www.ftc.gov/os/2003/09/synovatereport.pdf.* 3 Synovate Survey Report at 7. 4 *See* *http://www.privacyrights.org/ar/idtheftsurveys.htm* (summarizing findings of the January 2006 Javelin Strategy and Research *2006 Identity Fraud Survey Report* ). The Synovate Survey Report also provided data on the frequency in which consumers file identity theft reports with law enforcement agencies and other third-parties. Staff is unaware of newer publicly available data of this nature. Accordingly, staff will incorporate this previously provided data into its revised estimates of the number of consumers who will obtain identity theft reports. Based on past years’ experience drawn from the Synovate Survey Report, 26% of all identity theft victims contact a law enforcement agency. 5 Of those contacting law enforcement officials, 76% file a police report alleging identity theft. 6 Conversely, 24% of victims who contact a law enforcement agency have not filed a police report. Applying this information to the updated population of identity theft victims, that would amount to 2.314 million individuals contacting a law enforcement agency (8.9 million victims x 26%) of which roughly 555,000 (rounded to the nearest thousand) have not filed a police report. Staff anticipates that the Rule will enable those victims who previously were unable to file reports with local law enforcement to now file reports with a state or federal law enforcement agency. 5 Synovate Survey Report at 59. 6 *Id.* The Synovate Survey Report stated that 43% of identity theft victims annually contact an information furnisher. 7 This would amount to 3.827 million victims in a given year (8.9 million victims x 43%). Based on its knowledge of identity theft trends, staff anticipates that the Rule will result in an increase of 10% of these persons, or roughly 383,000, who will now obtain an identity theft report to file with an information furnisher as proof of being an identity theft victim. 7 *Id.* at 50. In a given year, 3.23 million persons are victims of their personal information being used to open new accounts or to commit other frauds. 8 Of these victims, approximately 20% — or 646,000 — do not take any action on this misuse. 9 Based on its knowledge of identity theft trends, staff estimates that the Rule will likely result in 75%, or 485,000, of these victims obtaining identity theft reports. 8 *Id.* at 7. Absent newer data on this point, staff refers to and applies this Synovate-provided data. 9 Based upon staff’s analysis of data collected in the Synovate Survey Report, these types of victims constitute 20% of such victims. In sum, then, staff estimates that the Rule will increase by 1.423 million the number of individuals obtaining identity theft reports (555,000 + 383,000 + 485,000). **Estimated total annual hours burden:** 545,000 hours (rounded to the nearest thousand) In its 2004 notice of proposed rulemaking and corresponding submission to OMB, FTC staff estimated, based on the experience of the Commission’s Consumer Response Center, that an individual would spend an average of 5 minutes finding and reviewing filing instructions, 8 minutes filing the law enforcement report with the law enforcement agency, and 5 minutes submitting the law enforcement report and any additional information or documentation to the information furnisher or consumer reporting agency, resulting in an average of 18 minutes for each identity theft report. 10 10 These estimates take into account that the time required to file the report will vary depending on the law enforcement agency used by the individual. Staff now estimates, based on the ongoing experience of the Commission’s Consumer Response Center, that an individual will spend 5 minutes finding and reviewing filing instructions, 13 minutes filing the law enforcement report with the law enforcement agency (due to added entry fields), and 5 minutes submitting the law enforcement report and any additional information or documentation to the information furnisher or consumer reporting agency, resulting in an average of 23 minutes for each identity theft report. Thus, the annual information collection burden for the estimated 1.423 million new identity theft reports due to the Rule will be 545,000 hours, rounded to the nearest thousand (1.423 million x 23 minutes ÷ 60 minutes/hour). **Estimated labor costs:** $10,802,000 (rounded to the nearest thousand) Commission staff derived labor costs by applying appropriate hourly cost figures to the burden hours described above. Based on Bureau of Labor Statistics data, further adjusted for inflation, the average national hourly wage for individuals is $19.82. 11 Applied to 545,000 total burden hours yields an estimated $10,802,000 in cumulative labor costs for all those who will newly obtain identity theft reports ($19.82 x 545,000 hours) as a projected result of the Rule. 11 An hourly rate of $18.62 was drawn from average annual Bureau of Labor Statistics National Compensation Survey data, June 2005 (with 2005 as the most recent whole year information available, and June the focal median point), *http://www.bls.gov/ncs/ocs/sp/ncbl0832.pdf* (Table 1.1). Further adjusted by a multiplier of 1.06426 (a compounding for approximate wage inflation for 2005 and 2006, based on the BLS Employment Cost Index), the revised hourly wage is $19.82. **Estimated annual non-labor cost burden:** $0 or minimal Staff believes that the Rule’s paperwork burden imposes negligible capital or other non-labor costs, as an identity theft victim is likely to have the necessary supplies and/or equipment already (telephone, computer, paper, envelopes) for purposes of obtaining the identity theft report and submitting it to information furnishers or consumer reporting agencies. William Blumenthal General Counsel [FR Doc. E7-11049 Filed 6-7-07: 8:45 am] [Billing code: 6750 - 01S] FEDERAL TRADE COMMISSION Privacy Act of 1974; System of Records AGENCY: Federal Trade Commission (FTC). ACTION: Notice of routine use. SUMMARY: The FTC is adopting in final form a new routine use that permits disclosure of FTC records protected by the Privacy Act when reasonably necessary to respond and prevent, minimize, or remedy harm that may result from an agency data breach or compromise. DATES: The routine use is effective June 8, 2007. FOR FURTHER INFORMATION CONTACT: Alex Tang, Attorney, FTC, Office of General Counsel, 600 Pennsylvania Ave. NW, Washington, DC 20580, 202-326-2447, *atang@ftc.gov* . SUPPLEMENTARY INFORMATION: In a document previously published in the FEDERAL REGISTER, 72 FR 14814 (Mar. 29, 2007), the FTC, as required by the Privacy Act of 1974, 5 U.S.C. 552a, sought comments on a proposed new “routine use” of the FTC’s Privacy Act records systems. 1 As the FTC explained, the new routine use, the text of which is set forth at the end of this document, 2 is necessary to allow for disclosures of Privacy Act records by the FTC to appropriate persons and entities for purposes of response and remedial efforts in the event of a breach of data contained in the protected systems. The routine use will facilitate an effective response to a confirmed or suspected breach by allowing for disclosure to individuals affected by the breach, in cases, if any, where such disclosure is not otherwise authorized under the Act. The routine use will also authorize disclosures to others who are in a position to assist in response efforts, either by assisting in notification to affected individuals or otherwise playing a role in preventing, minimizing, or remedying harms from the breach. The FTC explained that this new routine use would be added to Appendix 1 of the FTC’s Privacy Act system notice; that Appendix describes the routine uses that apply globally to all FTC Privacy Act records systems. 3 1 The FTC simultaneously provided OMB and the Congress with 40 days advance notice of the proposed routine use, as required by the Privacy Act, 5 U.S.C. 552a(r), and OMB Circular A-130, Revised, Appendix I. 2 The text of the routine use was taken from the routine use that has already been published in final form by the Department of Justice after public comment. *See* 72 FR 3410 (Jan. 25, 2007). 3 *See* 57 FR 45678 (1992), *http://www.ftc.gov/foia/sysnot/appendix1.pdf* . A list of the agency’s current Privacy Act records systems can be viewed on the FTC’s web site at: *http://www.ftc.gov/foia/listofpasystems.htm* . The Privacy Act authorizes agencies, after public notice and comment, to adopt routine uses that are compatible with the purpose for which information subject to the Act has been collected. 5 U.S.C. 552a(b)(3); *see also* 5 U.S.C. 552a(a)(7). The FTC believes that it is consistent with the agency’s collection of information pertaining to individuals under the Privacy Act to disclose such records when, in doing so, it will help prevent, minimize or remedy a data breach or compromise that may affect such individuals. By contrast, the FTC believes that failure to take reasonable steps to help prevent, minimize or remedy the harm that may result from such a breach or compromise would jeopardize, rather than promote, the privacy of such individuals. In seeking public comments on the proposed routine use, the FTC explained that it would take into account any such comments and make appropriate or necessary revisions, if any, before publishing the proposed routine use as final. In response, the FTC received one comment, from the Electronic Privacy Information Center (EPIC). 4 4 *See http://www.ftc.gov/os/publiccomments.shtm* (#207). First, EPIC urges that the FTC narrow the proposed routine use to the minimum required to fulfill the agency’s stated purpose. EPIC questions what standards or requirements the agency would follow in determining the Privacy Act disclosures to be made in the case of a data breach, and wonders whether the agency would now be routinely disclosing Social Security numbers or other sensitive personal information to other agencies, entities and persons in every data breach investigation. Recognizing that specific disclosures may be necessary, EPIC suggests, for example, that the FTC could create tiers of access, allowing specific categories of individuals limited access to data, according to the needs of the agency’s investigation. The FTC agrees that any disclosure of Privacy Act records in order to investigate or remedy a breach must be necessary and narrowly tailored to the circumstances. The FTC believes that the restriction on disclosures to those that are “reasonably necessary” accurately and appropriately describes the relevant limitation on disclosures under this routine use. The scope of potential disclosures authorized by that routine use is not intended to suggest that the FTC will always disclose all of an individual’s records, if any, every time there is a breach that the agency needs to investigate or mitigate. Rather, the purpose and intent of the routine use is to give individuals full and fair notice of the extent of potential disclosures, consistent with the Privacy Act’s requirement that individuals be made aware of how their records may be disclosed, even if the FTC anticipates that there may often be very limited or no disclosure of an individual’s records to third parties as part of the agency’s investigatory or remedial efforts. Developing fixed categories of access for certain entities or individuals, as EPIC suggests, would not appear to confer significantly greater protection, if any, for an individual’s records than limiting disclosures to those that are “reasonably necessary.” The determination of when disclosure is “reasonably necessary” will logically depend on a case-by-case evaluation of the specific circumstances of the breach, including how much of an individual’s information, if any, it is reasonably necessary to disclose, and the specific nature of the entities to whom such information needs to be disclosed, in order to investigate or respond to a breach. 5 Amending a routine use to accommodate disclosures in response to a breach is not a viable option when there is a clear need to respond rapidly and effectively in investigating and mitigating the breach, in light of the prior notice and comment requirements of the Privacy Act for routine use amendments. 5 For example, under FTC rules, disclosures to other law enforcement agencies may be made on a confidential basis for law enforcement purposes. *See* Commission Rule 4.11(c), 16 CFR 4.11(c). Second, EPIC’s comment advocates that consumers be notified as soon as possible after a security breach results in their personal information being accessed by an unauthorized person, and before notifying any other agency, entity or individual. That issue, however, is outside the scope of a routine use notice under the Privacy Act. The Act requires that agencies notify individuals about the establishment of a Privacy Act system of records, the routine uses of such systems of records, and additional notice at the time that information in such a system is collected from individuals. Nothing in the Act, however, governs or provides criteria for determining when notice of a data breach to affected individuals would be appropriate or not. Guidance on that issue has been issued to all Federal agencies by the Office of Management & Budget (OMB), in conjunction with the President’s Identity Theft Task Force, chaired by the Attorney General and co-chaired by the FTC Chairman. 6 As stated in that guidance, agencies must consider various factors in determining whether notice is appropriate in a given case. The routine use published by the FTC neither addresses nor is it intended to supersede or supplant such guidance, or any other applicable guidance that may later arise in applicable statute, rule or policy regarding when notice to individuals must or should be given. 6 *See* Memorandum for the Heads of Department and Agencies, from Clay Johnson, Deputy Director for Management, OMB, “Recommendations for Identity Theft Related Data Breach Notification” (Sept. 20, 2006) (attaching Memorandum from the Identity Theft Task Force, “Identity Theft Related Data Security Breach Notification Guidance” (Sept. 19, 2006), *also reproduced in* The President’s Identity Theft Task Force, *Combating Identity Theft: A Strategic Plan* (Apr. 2007) at 73-82 (App. A)). Accordingly, after consideration of the above, the FTC has determined to adopt the routine use for data breach as originally published, and hereby amends Appendix 1 of its Privacy Act system notices, as published at 57 FR 45678, by adding the following new routine use at the end of the existing routine uses set forth in that Appendix: * * * To appropriate agencies, entities, and persons when

(1)the FTC suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;

(2)the FTC has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the FTC or another agency or entity) that rely upon the compromised information; and

(3)the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the FTC’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. By direction of the Commission. Donald S. Clark Secretary [FR Doc. E7-11122 Filed 6-7-07: 8:45 am] [BILLING CODE 6750-01-S] DEPARTMENT OF HEALTH AND HUMAN SERVICES National Committee on Vital and Health Statistics: Meeting Pursuant to the Federal Advisory Committee Act, the Department of Health and Human Services

(HHS)announces the following advisory committee meeting. *Name:* National Committee on Vital and Health Statistics (NCVHS). *Time and Date:* June 20, 2007: 9 a.m.-3:15 p.m.; June 21, 2007: 9 a.m.-3 p.m. *Place:* Natcher Center, Building 45, National Institutes of Health, Bethesda Campus, Bethesda, MD. *Status:* Open. *Purpose:* At this meeting the Committee will hear presentations and hold discussions on several health data policy topics. On the morning and afternoon of the first day the Committee will hear updates and status reports from its subcommittees as well as a briefing on the 5010 transaction data set. On the morning of the second day the Committee will first hear updates from the Department on activities of the Data Council and the Office of the National Coordinator for Health Information Technology (ONCHIT) followed by Committee actions on selected topics from the subcommittees. The next item will be a briefing on the International Health Terminology Standards Development Organization (IHTSDO.) This briefly will be followed by a discussion of secondary uses of electronic medical record information which will continue after the noon break. There will be a short discussion of future agendas before the meeting adjourns. The times shown above are for the full Committee meeting. Subcommittee breakout sessions are scheduled for late in the afternoon of the first day and in the morning prior to the full Committee meeting on the second day. Agendas for these breakout sessions will be posted on the NCVHS Web site (URL below) when available. *Contact Person for More Information:* Substantive program information as well as summaries of meetings and a roster of committee members may be obtained from Marjorie S. Greenberg, Executive Secretary, NCVHS, National Center for Health Statistics, Centers for Disease Control and Prevention, 3311 Toledo Road, Room 2402, Hyattsville, Maryland 20782, telephone

(301)458-4245. Information also is available on the NCVHS home page of the HHS Web site: *http://www.ncvhs.hhs.gov/,* where further information including an agenda will be posted when available. Should you require reasonable accommodation, please contact the CDC Office of Equal Employment Opportunity on

(301)458-4EEO

(4336)as soon as possible. Dated: May 31, 2007. James Scanlon, Deputy Assistant Secretary for Planning and Evaluation (SDP), Office of the Assistant Secretary for Planning and Evaluation. [FR Doc. 07-2861 Filed 6-7-07; 8:45 am]

Connectionstraces to 7

Traces to 7 documents

U.S. Code

CFR

10 references not yet in our index