F:\M12\THOMMS\THOMMS_034.

XML

AMENDMENT OFFERED

TO THE OF

RULES COMMITTEE PRINT MISSISSIPPI

H.R. 3523
OF

BY

MR. THOMPSON

Page 18, after line 15 insert the following: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

f:\VHLC\042412\042412.231.xml April 24, 2012 (12:25 p.m.)
12:25 Apr 24, 2012

(c) PRIVACY AND CIVIL LIBERTIES OVERSIGHT. (1) POLICIES

AND PROCEDURES.Not

later

than 60 days after the date of the enactment of this Act, the Secretary of Homeland Security, in consultation with the Director of National Intelligence and privacy and civil liberties stakeholders, shall develop and periodically review policies and procedures governing the acquisition, interception, retention, use, and disclosure of communications, records, system traffic, or other information associated with specific persons by officers, employees, and agents of the Federal Government in connection with activities authorized under this Act or the amendments made by this Act. Such policies and procedures shall (A) minimize the impact on privacy and civil liberties, consistent with the need to mitigate cybersecurity threats; (B) reasonably limit the acquisition, interception, retention, use, and disclosure of com(524027|2)
PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 C:\DOCUME~1\PKBAYER\APPLIC~1\SOFTQUAD\XMETAL\5.5\GEN\C\THOMMS~1.XML

VerDate 0ct 09 2002

Jkt 000000

F:\M12\THOMMS\THOMMS_034.XML

2 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 munications, records, system traffic, or other information associated with specific persons consistent with the need to carry out the responsibilities of this Act and the amendments made by this Act, including establishing a process for the timely redaction and destruction of communications, records, system traffic, or other information that is acquired or intercepted pursuant to this Act or the amendments made by this Act that does not reasonably appear to be related to protecting against cybersecurity threats and mitigating

cybersecurity threats; (C) require reasonable efforts to remove information that can be used to identify a specific individual, using automated means if technically feasible, upon initial receipt of the information; (D) include requirements to safeguard communications, records, system traffic, or other information that can be used to identify specific persons from unauthorized access or acquisition; and (E) protect the confidentiality of disclosed communications, records, system traffic, or other information associated with specific per-

VerDate 0ct 09 2002

f:\VHLC\042412\042412.231.xml April 24, 2012 (12:25 p.m.)

12:25 Apr 24, 2012

(524027|2)
PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 C:\DOCUME~1\PKBAYER\APPLIC~1\SOFTQUAD\XMETAL\5.5\GEN\C\THOMMS~1.XML

Jkt 000000

F:\M12\THOMMS\THOMMS_034.XML

3 1 2 3 4 5 6 7 8 9 10 11 12 13 14 sons to the greatest extent practicable and require recipients of such information to be informed that the communications, records, system traffic, or other information disclosed may only be used for protecting information systems against cybersecurity threats, mitigating

against cybersecurity threats, or law enforcement purposes when the information is evidence of a crime that has been, is being, or is about to be committed, as specified by the Secretary of Homeland Security. (2) ATTORNEY
GENERAL APPROVAL.The

At-

torney General shall review and approve the policies and procedures developed under paragraph (1).

VerDate 0ct 09 2002

f:\VHLC\042412\042412.231.xml April 24, 2012 (12:25 p.m.)

12:25 Apr 24, 2012

(524027|2)
PO 00000 Frm 00003 Fmt 6652 Sfmt 6301 C:\DOCUME~1\PKBAYER\APPLIC~1\SOFTQUAD\XMETAL\5.5\GEN\C\THOMMS~1.XML

Jkt 000000