Page:United States Statutes at Large Volume 120.djvu/3483

 120 STAT. 3452

Notification.

Deadline. Reports.

Notification.

VerDate 14-DEC-2004

12:05 Jul 13, 2007

PUBLIC LAW 109–461—DEC. 22, 2006

‘‘(3) Ensuring that information security management processes are integrated with Department strategic and operational planning processes. ‘‘(4) Ensuring that the Under Secretaries, Assistant Secretaries, and other key officials of the Department provide adequate security for the information and information systems under their control. ‘‘(5) Ensuring enforcement and compliance with the requirements imposed on the Department under the provisions of subchapter III of chapter 35 of title 44. ‘‘(6) Ensuring that the Department has trained program and staff office personnel sufficient to assist in complying with all the provisions of subchapter III of chapter 35 of title 44 and other related information security requirements. ‘‘(7) Ensuring that the Assistant Secretary for Information and Technology, in coordination with the Under Secretaries, Assistant Secretaries, and other key officials of the Department report to Congress, the Office of Management and Budget, and other entities as required by law and Executive Branch direction on the effectiveness of the Department information security program, including remedial actions. ‘‘(8) Notifying officials other than officials of the Department of data breaches when required under this subchapter. ‘‘(9) Ensuring that the Assistant Secretary for Information and Technology has the authority and control necessary to develop, approve, implement, integrate, and oversee the policies, procedures, processes, activities, and systems of the Department relating to subchapter III of chapter 35 of title 44, including the management of all related mission applications, information resources, personnel, and infrastructure. ‘‘(10) Submitting to the Committees on Veterans’ Affairs of the Senate and House of Representatives, the Committee on Government Reform of the House of Representatives, and the Committee on Homeland Security and Governmental Affairs of the Senate, not later than March 1 each year, a report on the compliance of the Department with subchapter III of chapter 35 of title 44, with the information in such report displayed in the aggregate and separately for each Administration, office, and facility of the Department. ‘‘(11) Taking appropriate action to ensure that the budget for any fiscal year, as submitted by the President to Congress under section 1105 of title 31, sets forth separately the amounts required in the budget for such fiscal year for compliance by the Department with Federal law and regulations governing information security, including this subchapter and subchapter III of chapter 35 of title 44. ‘‘(12) Providing notice to the Director of the Office of Management and Budget, the Inspector General of the Department, and such other Federal agencies as the Secretary considers appropriate of a presumptive data breach of which notice is provided the Secretary under subsection (b)(16) if, in the opinion of the Assistant Secretary for Information and Technology, the breach involves the information of twenty or more individuals. ‘‘(b) ASSISTANT SECRETARY FOR INFORMATION AND TECHNOLOGY.—The Assistant Secretary for Information and Technology,

Jkt 059194

PO 00003

Frm 00255

Fmt 6580

Sfmt 6581

E:\PUBLAW\PUBL003.109

APPS06

PsN: PUBL003

�