Acting in anticipation of data breaches (and in response to an overall federal plan), the Federal Reserve is proposing to revise its general routine uses of systems of records, including adding a new “routine use” under its overall privacy policy.
In filings with the Federal Register Monday, the central bank said the changes are necessary in order to comply with a memorandum from the federal Office of Management and Budget (OMB), “Preparing for and Responding to a Breach of Personally Identifiable Information” (Memorandum M-17-12, Jan. 3, 2017). UPDATED: The proposal is effective Sept. 27, and the Fed is taking comments on it until that date as well.
The agency said the revisions it proposes include:
- Revising Routine Use I, as prescribed by OMB, which allows the Fed to disclose records as necessary to respond to “a suspected or confirmed breach of the system of records where the board has determined the breach poses a risk of harm to individuals, the board, the federal government, or national security, and the disclosure is reasonably necessary to assist the Board in its efforts to respond to the breach or to prevent, minimize or remedy such harm.”
- Adding “Routine Use J” (also as prescribed by OMB) to allow the Fed to assist another federal agency or federal entity in that agency’s or entity’s response to a suspected or confirmed breach or efforts to “prevent, minimize, or remedy the risk of harm to individuals, the agency or entity, the Federal Government, or national security, resulting from a suspected or confirmed breach.”
“Breaches pose a risk of harm to individuals, and thus the revised and new routine uses will further enhance the Board’s ability to protect the privacy of individuals by allowing the Board to respond to the suspected or confirmed breach and prevent, minimize, or remedy the resulting harm posed by the breach,” the Fed wrote in its Register filing, which is expected to be published as early as Tuesday.
Notice of General Amendment to Federal Reserve Board of Governors Systems of Records