CII Act

CII Act of 2002.pdf

Protected Critical Infrastructure Information (PCII) Program Survey

CII Act

OMB: 1670-0012

Document [pdf]
Download: pdf | pdf
H. R. 5005—11
(d) OTHER OFFICERS.—To assist the Secretary in the performance of the Secretary’s functions, there are the following officers,
appointed by the President:
(1) A Director of the Secret Service.
(2) A Chief Information Officer.
(3) A Chief Human Capital Officer.
(4) A Chief Financial Officer.
(5) An Officer for Civil Rights and Civil Liberties.
(e) PERFORMANCE OF SPECIFIC FUNCTIONS.—Subject to the
provisions of this Act, every officer of the Department shall perform
the functions specified by law for the official’s office or prescribed
by the Secretary.

TITLE II—INFORMATION ANALYSIS AND
INFRASTRUCTURE PROTECTION
Subtitle A—Directorate for Information
Analysis and Infrastructure Protection;
Access to Information
SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRASTRUCTURE PROTECTION.

(a) UNDER SECRETARY OF HOMELAND SECURITY FOR INFORMAANALYSIS AND INFRASTRUCTURE PROTECTION.—
(1) IN GENERAL.—There shall be in the Department a Directorate for Information Analysis and Infrastructure Protection
headed by an Under Secretary for Information Analysis and
Infrastructure Protection, who shall be appointed by the President, by and with the advice and consent of the Senate.
(2) RESPONSIBILITIES.—The Under Secretary shall assist
the Secretary in discharging the responsibilities assigned by
the Secretary.
(b) ASSISTANT SECRETARY FOR INFORMATION ANALYSIS; ASSISTANT SECRETARY FOR INFRASTRUCTURE PROTECTION.—
(1) ASSISTANT SECRETARY FOR INFORMATION ANALYSIS.—
There shall be in the Department an Assistant Secretary for
Information Analysis, who shall be appointed by the President.
(2) ASSISTANT SECRETARY FOR INFRASTRUCTURE PROTECTION.—There shall be in the Department an Assistant Secretary
for Infrastructure Protection, who shall be appointed by the
President.
(3) RESPONSIBILITIES.—The Assistant Secretary for
Information Analysis and the Assistant Secretary for Infrastructure Protection shall assist the Under Secretary for
Information Analysis and Infrastructure Protection in discharging the responsibilities of the Under Secretary under this
section.
(c) DISCHARGE OF INFORMATION ANALYSIS AND INFRASTRUCTURE
PROTECTION.—The Secretary shall ensure that the responsibilities
of the Department regarding information analysis and infrastructure protection are carried out through the Under Secretary for
Information Analysis and Infrastructure Protection.
(d) RESPONSIBILITIES OF UNDER SECRETARY.—Subject to the
direction and control of the Secretary, the responsibilities of the
TION

H. R. 5005—12
Under Secretary for Information Analysis and Infrastructure Protection shall be as follows:
(1) To access, receive, and analyze law enforcement
information, intelligence information, and other information
from agencies of the Federal Government, State and local
government agencies (including law enforcement agencies), and
private sector entities, and to integrate such information in
order to—
(A) identify and assess the nature and scope of terrorist
threats to the homeland;
(B) detect and identify threats of terrorism against
the United States; and
(C) understand such threats in light of actual and
potential vulnerabilities of the homeland.
(2) To carry out comprehensive assessments of the
vulnerabilities of the key resources and critical infrastructure
of the United States, including the performance of risk assessments to determine the risks posed by particular types of
terrorist attacks within the United States (including an assessment of the probability of success of such attacks and the
feasibility and potential efficacy of various countermeasures
to such attacks).
(3) To integrate relevant information, analyses, and vulnerability assessments (whether such information, analyses, or
assessments are provided or produced by the Department or
others) in order to identify priorities for protective and support
measures by the Department, other agencies of the Federal
Government, State and local government agencies and authorities, the private sector, and other entities.
(4) To ensure, pursuant to section 202, the timely and
efficient access by the Department to all information necessary
to discharge the responsibilities under this section, including
obtaining such information from other agencies of the Federal
Government.
(5) To develop a comprehensive national plan for securing
the key resources and critical infrastructure of the United
States, including power production, generation, and distribution
systems, information technology and telecommunications systems (including satellites), electronic financial and property
record storage and transmission systems, emergency preparedness communications systems, and the physical and technological assets that support such systems.
(6) To recommend measures necessary to protect the key
resources and critical infrastructure of the United States in
coordination with other agencies of the Federal Government
and in cooperation with State and local government agencies
and authorities, the private sector, and other entities.
(7) To administer the Homeland Security Advisory System,
including—
(A) exercising primary responsibility for public
advisories related to threats to homeland security; and
(B) in coordination with other agencies of the Federal
Government, providing specific warning information, and
advice about appropriate protective measures and countermeasures, to State and local government agencies and
authorities, the private sector, other entities, and the
public.

H. R. 5005—13
(8) To review, analyze, and make recommendations for
improvements in the policies and procedures governing the
sharing of law enforcement information, intelligence information, intelligence-related information, and other information
relating to homeland security within the Federal Government
and between the Federal Government and State and local
government agencies and authorities.
(9) To disseminate, as appropriate, information analyzed
by the Department within the Department, to other agencies
of the Federal Government with responsibilities relating to
homeland security, and to agencies of State and local governments and private sector entities with such responsibilities
in order to assist in the deterrence, prevention, preemption
of, or response to, terrorist attacks against the United States.
(10) To consult with the Director of Central Intelligence
and other appropriate intelligence, law enforcement, or other
elements of the Federal Government to establish collection
priorities and strategies for information, including law enforcement-related information, relating to threats of terrorism
against the United States through such means as the representation of the Department in discussions regarding requirements
and priorities in the collection of such information.
(11) To consult with State and local governments and private sector entities to ensure appropriate exchanges of information, including law enforcement-related information, relating
to threats of terrorism against the United States.
(12) To ensure that—
(A) any material received pursuant to this Act is protected from unauthorized disclosure and handled and used
only for the performance of official duties; and
(B) any intelligence information under this Act is
shared, retained, and disseminated consistent with the
authority of the Director of Central Intelligence to protect
intelligence sources and methods under the National Security Act of 1947 (50 U.S.C. 401 et seq.) and related procedures and, as appropriate, similar authorities of the
Attorney General concerning sensitive law enforcement
information.
(13) To request additional information from other agencies
of the Federal Government, State and local government agencies, and the private sector relating to threats of terrorism
in the United States, or relating to other areas of responsibility
assigned by the Secretary, including the entry into cooperative
agreements through the Secretary to obtain such information.
(14) To establish and utilize, in conjunction with the chief
information officer of the Department, a secure communications
and information technology infrastructure, including datamining and other advanced analytical tools, in order to access,
receive, and analyze data and information in furtherance of
the responsibilities under this section, and to disseminate
information acquired and analyzed by the Department, as
appropriate.
(15) To ensure, in conjunction with the chief information
officer of the Department, that any information databases and
analytical tools developed or utilized by the Department—

H. R. 5005—14
(A) are compatible with one another and with relevant
information databases of other agencies of the Federal
Government; and
(B) treat information in such databases in a manner
that complies with applicable Federal law on privacy.
(16) To coordinate training and other support to the elements and personnel of the Department, other agencies of
the Federal Government, and State and local governments that
provide information to the Department, or are consumers of
information provided by the Department, in order to facilitate
the identification and sharing of information revealed in their
ordinary duties and the optimal utilization of information
received from the Department.
(17) To coordinate with elements of the intelligence community and with Federal, State, and local law enforcement agencies, and the private sector, as appropriate.
(18) To provide intelligence and information analysis and
support to other elements of the Department.
(19) To perform such other duties relating to such responsibilities as the Secretary may provide.
(e) STAFF.—
(1) IN GENERAL.—The Secretary shall provide the Directorate with a staff of analysts having appropriate expertise
and experience to assist the Directorate in discharging responsibilities under this section.
(2) PRIVATE SECTOR ANALYSTS.—Analysts under this subsection may include analysts from the private sector.
(3) SECURITY CLEARANCES.—Analysts under this subsection
shall possess security clearances appropriate for their work
under this section.
(f) DETAIL OF PERSONNEL.—
(1) IN GENERAL.—In order to assist the Directorate in discharging responsibilities under this section, personnel of the
agencies referred to in paragraph (2) may be detailed to the
Department for the performance of analytic functions and
related duties.
(2) COVERED AGENCIES.—The agencies referred to in this
paragraph are as follows:
(A) The Department of State.
(B) The Central Intelligence Agency.
(C) The Federal Bureau of Investigation.
(D) The National Security Agency.
(E) The National Imagery and Mapping Agency.
(F) The Defense Intelligence Agency.
(G) Any other agency of the Federal Government that
the President considers appropriate.
(3) COOPERATIVE AGREEMENTS.—The Secretary and the
head of the agency concerned may enter into cooperative agreements for the purpose of detailing personnel under this subsection.
(4) BASIS.—The detail of personnel under this subsection
may be on a reimbursable or non-reimbursable basis.
(g) FUNCTIONS TRANSFERRED.—In accordance with title XV,
there shall be transferred to the Secretary, for assignment to the
Under Secretary for Information Analysis and Infrastructure Protection under this section, the functions, personnel, assets, and liabilities of the following:

H. R. 5005—15
(1) The National Infrastructure Protection Center of the
Federal Bureau of Investigation (other than the Computer
Investigations and Operations Section), including the functions
of the Attorney General relating thereto.
(2) The National Communications System of the Department of Defense, including the functions of the Secretary of
Defense relating thereto.
(3) The Critical Infrastructure Assurance Office of the
Department of Commerce, including the functions of the Secretary of Commerce relating thereto.
(4) The National Infrastructure Simulation and Analysis
Center of the Department of Energy and the energy security
and assurance program and activities of the Department,
including the functions of the Secretary of Energy relating
thereto.
(5) The Federal Computer Incident Response Center of
the General Services Administration, including the functions
of the Administrator of General Services relating thereto.
(h) INCLUSION OF CERTAIN ELEMENTS OF THE DEPARTMENT
AS ELEMENTS OF THE INTELLIGENCE COMMUNITY.—Section 3(4) of
the National Security Act of 1947 (50 U.S.C. 401(a)) is amended—
(1) by striking ‘‘and’’ at the end of subparagraph (I);
(2) by redesignating subparagraph (J) as subparagraph
(K); and
(3) by inserting after subparagraph (I) the following new
subparagraph:
‘‘(J) the elements of the Department of Homeland Security concerned with the analyses of foreign intelligence
information; and’’.
SEC. 202. ACCESS TO INFORMATION.

(a) IN GENERAL.—
(1) THREAT AND VULNERABILITY INFORMATION.—Except as
otherwise directed by the President, the Secretary shall have
such access as the Secretary considers necessary to all information, including reports, assessments, analyses, and unevaluated
intelligence relating to threats of terrorism against the United
States and to other areas of responsibility assigned by the
Secretary, and to all information concerning infrastructure or
other vulnerabilities of the United States to terrorism, whether
or not such information has been analyzed, that may be collected, possessed, or prepared by any agency of the Federal
Government.
(2) OTHER INFORMATION.—The Secretary shall also have
access to other information relating to matters under the
responsibility of the Secretary that may be collected, possessed,
or prepared by an agency of the Federal Government as the
President may further provide.
(b) MANNER OF ACCESS.—Except as otherwise directed by the
President, with respect to information to which the Secretary has
access pursuant to this section—
(1) the Secretary may obtain such material upon request,
and may enter into cooperative arrangements with other executive agencies to provide such material or provide Department
officials with access to it on a regular or routine basis, including
requests or arrangements involving broad categories of material, access to electronic databases, or both; and

H. R. 5005—16
(2) regardless of whether the Secretary has made any
request or entered into any cooperative arrangement pursuant
to paragraph (1), all agencies of the Federal Government shall
promptly provide to the Secretary—
(A) all reports (including information reports containing intelligence which has not been fully evaluated),
assessments, and analytical information relating to threats
of terrorism against the United States and to other areas
of responsibility assigned by the Secretary;
(B) all information concerning the vulnerability of the
infrastructure of the United States, or other vulnerabilities
of the United States, to terrorism, whether or not such
information has been analyzed;
(C) all other information relating to significant and
credible threats of terrorism against the United States,
whether or not such information has been analyzed; and
(D) such other information or material as the President
may direct.
(c) TREATMENT UNDER CERTAIN LAWS.—The Secretary shall
be deemed to be a Federal law enforcement, intelligence, protective,
national defense, immigration, or national security official, and
shall be provided with all information from law enforcement agencies that is required to be given to the Director of Central Intelligence, under any provision of the following:
(1) The USA PATRIOT Act of 2001 (Public Law 107–
56).
(2) Section 2517(6) of title 18, United States Code.
(3) Rule 6(e)(3)(C) of the Federal Rules of Criminal Procedure.
(d) ACCESS TO INTELLIGENCE AND OTHER INFORMATION.—
(1) ACCESS BY ELEMENTS OF FEDERAL GOVERNMENT.—
Nothing in this title shall preclude any element of the intelligence community (as that term is defined in section 3(4)
of the National Security Act of 1947 (50 U.S.C. 401a(4)), or
any other element of the Federal Government with responsibility for analyzing terrorist threat information, from receiving
any intelligence or other information relating to terrorism.
(2) SHARING OF INFORMATION.—The Secretary, in consultation with the Director of Central Intelligence, shall work to
ensure that intelligence or other information relating to terrorism to which the Department has access is appropriately
shared with the elements of the Federal Government referred
to in paragraph (1), as well as with State and local governments, as appropriate.

Subtitle B—Critical Infrastructure
Information
SEC. 211. SHORT TITLE.

This subtitle may be cited as the ‘‘Critical Infrastructure
Information Act of 2002’’.
SEC. 212. DEFINITIONS.

In this subtitle:
(1) AGENCY.—The term ‘‘agency’’ has the meaning given
it in section 551 of title 5, United States Code.

H. R. 5005—17
(2) COVERED FEDERAL AGENCY.—The term ‘‘covered Federal
agency’’ means the Department of Homeland Security.
(3) CRITICAL INFRASTRUCTURE INFORMATION.—The term
‘‘critical infrastructure information’’ means information not customarily in the public domain and related to the security of
critical infrastructure or protected systems—
(A) actual, potential, or threatened interference with,
attack on, compromise of, or incapacitation of critical infrastructure or protected systems by either physical or computer-based attack or other similar conduct (including the
misuse of or unauthorized access to all types of communications and data transmission systems) that violates Federal,
State, or local law, harms interstate commerce of the
United States, or threatens public health or safety;
(B) the ability of any critical infrastructure or protected
system to resist such interference, compromise, or incapacitation, including any planned or past assessment, projection, or estimate of the vulnerability of critical infrastructure or a protected system, including security testing, risk
evaluation thereto, risk management planning, or risk
audit; or
(C) any planned or past operational problem or solution
regarding critical infrastructure or protected systems,
including repair, recovery, reconstruction, insurance, or
continuity, to the extent it is related to such interference,
compromise, or incapacitation.
(4) CRITICAL INFRASTRUCTURE PROTECTION PROGRAM.—The
term ‘‘critical infrastructure protection program’’ means any
component or bureau of a covered Federal agency that has
been designated by the President or any agency head to receive
critical infrastructure information.
(5) INFORMATION SHARING AND ANALYSIS ORGANIZATION.—
The term ‘‘Information Sharing and Analysis Organization’’
means any formal or informal entity or collaboration created
or employed by public or private sector organizations, for purposes of—
(A) gathering and analyzing critical infrastructure
information in order to better understand security problems
and interdependencies related to critical infrastructure and
protected systems, so as to ensure the availability, integrity, and reliability thereof;
(B) communicating or disclosing critical infrastructure
information to help prevent, detect, mitigate, or recover
from the effects of a interference, compromise, or a incapacitation problem related to critical infrastructure or protected
systems; and
(C) voluntarily disseminating critical infrastructure
information to its members, State, local, and Federal
Governments, or any other entities that may be of assistance in carrying out the purposes specified in subparagraphs (A) and (B).
(6) PROTECTED SYSTEM.—The term ‘‘protected system’’—
(A) means any service, physical or computer-based
system, process, or procedure that directly or indirectly
affects the viability of a facility of critical infrastructure;
and

H. R. 5005—18
(B) includes any physical or computer-based system,
including a computer, computer system, computer or
communications network, or any component hardware or
element thereof, software program, processing instructions,
or information or data in transmission or storage therein,
irrespective of the medium of transmission or storage.
(7) VOLUNTARY.—
(A) IN GENERAL.—The term ‘‘voluntary’’, in the case
of any submittal of critical infrastructure information to
a covered Federal agency, means the submittal thereof
in the absence of such agency’s exercise of legal authority
to compel access to or submission of such information and
may be accomplished by a single entity or an Information
Sharing and Analysis Organization on behalf of itself or
its members.
(B) EXCLUSIONS.—The term ‘‘voluntary’’—
(i) in the case of any action brought under the
securities laws as is defined in section 3(a)(47) of the
Securities Exchange Act of 1934 (15 U.S.C.
78c(a)(47))—
(I) does not include information or statements
contained in any documents or materials filed with
the Securities and Exchange Commission, or with
Federal banking regulators, pursuant to section
12(i) of the Securities Exchange Act of 1934 (15
U.S.C. 781(I)); and
(II) with respect to the submittal of critical
infrastructure information, does not include any
disclosure or writing that when made accompanied
the solicitation of an offer or a sale of securities;
and
(ii) does not include information or statements submitted or relied upon as a basis for making licensing
or permitting determinations, or during regulatory proceedings.
SEC. 213. DESIGNATION OF CRITICAL INFRASTRUCTURE PROTECTION
PROGRAM.

A critical infrastructure protection program may be designated
as such by one of the following:
(1) The President.
(2) The Secretary of Homeland Security.
SEC. 214. PROTECTION OF VOLUNTARILY SHARED CRITICAL INFRASTRUCTURE INFORMATION.

(a) PROTECTION.—
(1) IN GENERAL.—Notwithstanding any other provision of
law, critical infrastructure information (including the identity
of the submitting person or entity) that is voluntarily submitted
to a covered Federal agency for use by that agency regarding
the security of critical infrastructure and protected systems,
analysis, warning, interdependency study, recovery, reconstitution, or other informational purpose, when accompanied by
an express statement specified in paragraph (2)—
(A) shall be exempt from disclosure under section 552
of title 5, United States Code (commonly referred to as
the Freedom of Information Act);

H. R. 5005—19
(B) shall not be subject to any agency rules or judicial
doctrine regarding ex parte communications with a decision
making official;
(C) shall not, without the written consent of the person
or entity submitting such information, be used directly
by such agency, any other Federal, State, or local authority,
or any third party, in any civil action arising under Federal
or State law if such information is submitted in good faith;
(D) shall not, without the written consent of the person
or entity submitting such information, be used or disclosed
by any officer or employee of the United States for purposes
other than the purposes of this subtitle, except—
(i) in furtherance of an investigation or the
prosecution of a criminal act; or
(ii) when disclosure of the information would be—
(I) to either House of Congress, or to the extent
of matter within its jurisdiction, any committee
or subcommittee thereof, any joint committee
thereof or subcommittee of any such joint committee; or
(II) to the Comptroller General, or any authorized representative of the Comptroller General, in
the course of the performance of the duties of
the General Accounting Office.
(E) shall not, if provided to a State or local government
or government agency—
(i) be made available pursuant to any State or
local law requiring disclosure of information or records;
(ii) otherwise be disclosed or distributed to any
party by said State or local government or government
agency without the written consent of the person or
entity submitting such information; or
(iii) be used other than for the purpose of protecting critical infrastructure or protected systems, or
in furtherance of an investigation or the prosecution
of a criminal act; and
(F) does not constitute a waiver of any applicable privilege or protection provided under law, such as trade secret
protection.
(2) EXPRESS STATEMENT.—For purposes of paragraph (1),
the term ‘‘express statement’’, with respect to information or
records, means—
(A) in the case of written information or records, a
written marking on the information or records substantially
similar to the following: ‘‘This information is voluntarily
submitted to the Federal Government in expectation of
protection from disclosure as provided by the provisions
of the Critical Infrastructure Information Act of 2002.’’;
or
(B) in the case of oral information, a similar written
statement submitted within a reasonable period following
the oral communication.
(b) LIMITATION.—No communication of critical infrastructure
information to a covered Federal agency made pursuant to this
subtitle shall be considered to be an action subject to the requirements of the Federal Advisory Committee Act (5 U.S.C. App. 2).

H. R. 5005—20
(c) INDEPENDENTLY OBTAINED INFORMATION.—Nothing in this
section shall be construed to limit or otherwise affect the ability
of a State, local, or Federal Government entity, agency, or authority,
or any third party, under applicable law, to obtain critical infrastructure information in a manner not covered by subsection (a),
including any information lawfully and properly disclosed generally
or broadly to the public and to use such information in any manner
permitted by law.
(d) TREATMENT OF VOLUNTARY SUBMITTAL OF INFORMATION.—
The voluntary submittal to the Government of information or
records that are protected from disclosure by this subtitle shall
not be construed to constitute compliance with any requirement
to submit such information to a Federal agency under any other
provision of law.
(e) PROCEDURES.—
(1) IN GENERAL.—The Secretary of the Department of
Homeland Security shall, in consultation with appropriate representatives of the National Security Council and the Office
of Science and Technology Policy, establish uniform procedures
for the receipt, care, and storage by Federal agencies of critical
infrastructure information that is voluntarily submitted to the
Government. The procedures shall be established not later than
90 days after the date of the enactment of this subtitle.
(2) ELEMENTS.—The procedures established under paragraph (1) shall include mechanisms regarding—
(A) the acknowledgement of receipt by Federal agencies
of critical infrastructure information that is voluntarily
submitted to the Government;
(B) the maintenance of the identification of such
information as voluntarily submitted to the Government
for purposes of and subject to the provisions of this subtitle;
(C) the care and storage of such information; and
(D) the protection and maintenance of the confidentiality of such information so as to permit the sharing
of such information within the Federal Government and
with State and local governments, and the issuance of
notices and warnings related to the protection of critical
infrastructure and protected systems, in such manner as
to protect from public disclosure the identity of the submitting person or entity, or information that is proprietary,
business sensitive, relates specifically to the submitting
person or entity, and is otherwise not appropriately in
the public domain.
(f) PENALTIES.—Whoever, being an officer or employee of the
United States or of any department or agency thereof, knowingly
publishes, divulges, discloses, or makes known in any manner or
to any extent not authorized by law, any critical infrastructure
information protected from disclosure by this subtitle coming to
him in the course of this employment or official duties or by reason
of any examination or investigation made by, or return, report,
or record made to or filed with, such department or agency or
officer or employee thereof, shall be fined under title 18 of the
United States Code, imprisoned not more than 1 year, or both,
and shall be removed from office or employment.
(g) AUTHORITY TO ISSUE WARNINGS.—The Federal Government
may provide advisories, alerts, and warnings to relevant companies,
targeted sectors, other governmental entities, or the general public

H. R. 5005—21
regarding potential threats to critical infrastructure as appropriate.
In issuing a warning, the Federal Government shall take appropriate actions to protect from disclosure—
(1) the source of any voluntarily submitted critical infrastructure information that forms the basis for the warning;
or
(2) information that is proprietary, business sensitive,
relates specifically to the submitting person or entity, or is
otherwise not appropriately in the public domain.
(h) AUTHORITY TO DELEGATE.—The President may delegate
authority to a critical infrastructure protection program, designated
under section 213, to enter into a voluntary agreement to promote
critical infrastructure security, including with any Information
Sharing and Analysis Organization, or a plan of action as otherwise
defined in section 708 of the Defense Production Act of 1950 (50
U.S.C. App. 2158).
SEC. 215. NO PRIVATE RIGHT OF ACTION.

Nothing in this subtitle may be construed to create a private
right of action for enforcement of any provision of this Act.

Subtitle C—Information Security
SEC. 221. PROCEDURES FOR SHARING INFORMATION.

The Secretary shall establish procedures on the use of information shared under this title that—
(1) limit the redissemination of such information to ensure
that it is not used for an unauthorized purpose;
(2) ensure the security and confidentiality of such information;
(3) protect the constitutional and statutory rights of any
individuals who are subjects of such information; and
(4) provide data integrity through the timely removal and
destruction of obsolete or erroneous names and information.
SEC. 222. PRIVACY OFFICER.

The Secretary shall appoint a senior official in the Department
to assume primary responsibility for privacy policy, including—
(1) assuring that the use of technologies sustain, and do
not erode, privacy protections relating to the use, collection,
and disclosure of personal information;
(2) assuring that personal information contained in Privacy
Act systems of records is handled in full compliance with fair
information practices as set out in the Privacy Act of 1974;
(3) evaluating legislative and regulatory proposals involving
collection, use, and disclosure of personal information by the
Federal Government;
(4) conducting a privacy impact assessment of proposed
rules of the Department or that of the Department on the
privacy of personal information, including the type of personal
information collected and the number of people affected; and
(5) preparing a report to Congress on an annual basis
on activities of the Department that affect privacy, including
complaints of privacy violations, implementation of the Privacy
Act of 1974, internal controls, and other matters.


File Typeapplication/pdf
File Modified2003-11-12
File Created2002-11-23

© 2024 OMB.report | Privacy Policy