Page:United States Statutes at Large Volume 116 Part 3.djvu/563

 PUBLIC LAW 107-296—NOV. 25, 2002 116 STAT. 2155 regarding potential threats to critical infrastructure as appropriate. In issuing a warning, the Federal Government shall take appropriate actions to protect from disclosure— (1) the source of any voluntarily submitted critical infrastructure information that forms the basis for the warning; or (2) information that is proprietary, business sensitive, relates specifically to the submitting person or entity, or is otherwise not appropriately in the public domain. (h) AUTHORITY TO DELEGATE.— The President may delegate authority to a critical infrastructure protection program, designated under section 213, to enter into a voluntary agreement to promote critical infrastructure security, including with any Information Sharing and Analysis Organization, or a plan of action as otherwise defined in section 708 of the Defense Production Act of 1950 (50 U.S.C. App. 2158). SEC. 215. NO PRIVATE RIGHT OF ACTION. 6 USC 134. Nothing in this subtitle may be construed to create a private right of action for enforcement of any provision of this Act. Subtitle C—Information Security SEC. 221. PROCEDURES FOR SHARING INFORMATION. 6 USC 141. The Secretary shall establish procedures on the use of information shared under this title that— (1) limit the redissemination of such information to ensure that it is not used for an unauthorized purpose; (2) ensure the security and confidentiality of such information; (3) protect the constitutional and statutory rights of any individuals who are subjects of such information; and (4) provide data integrity through the timely removal and destruction of obsolete or erroneous names and information. SEC. 222. PRIVACY OFFICER. 6 USC 142. The Secretary shall appoint a senior official in the Department to assume primary responsibility for privacy policy, including— (1) assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information; (2) assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as set out in the Privacy Act of 1974; (3) evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government; (4) conducting a privacy impact assessment of proposed rules of the Department or that of the Department on the privacy of personal information, including the type of personal information collected and the number of people affected; and (5) preparing a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters.

�