TSA, DOT issue joint rule revising security data protections
The U.S. Transportation Security Administration and the Department of Transportation have issued a joint interim rule revising regulations covering the protection of “sensitive security information” (SSI).
The new rule, effective June 17, is intended to protect the confidentiality of maritime security measures. It establishes certain requirements for the handling of sensitive security data, including restrictions on disclosure and civil penalties for violations.
The interim rule defines sensitive security data as including “security programs and procedures of airports, aircraft, vessel and maritime facility operators, screening procedures for airline passengers and luggage, and “information detailing vulnerabilities in transportation systems or facilities.”
SSI also includes any threat data, including threats against cyber infrastructure.
Such information is restricted to “employees, contractors or agents with a need to know.”
The rule noted that, in a conflict between protective regulations of the Critical Infrastructure Act of 2002 — which designate certain data as “critical infrastructure information” or CII – and sensitive security information, CII will prevail over SSI.
Comments from the public must be received by July 19, and may be submitted electronically at http://dms.dot.gov.
For more information, see the Federal Register or contact Robert Ross, Office of the General Counsel, Department of Transportation, (202) 366-9156.