Home
gpo.gov
govinfo.gov

e-CFR Navigation Aids

Browse

Simple Search

Advanced Search

 — Boolean

 — Proximity

 

Search History

Search Tips

Corrections

Latest Updates

User Info

FAQs

Agency List

Incorporation By Reference

eCFR logo

Related Resources

Electronic Code of Federal Regulations

We invite you to try out our new beta eCFR site at https://ecfr.federalregister.gov. We???ve made big changes to make the eCFR easier to use. Be sure to leave feedback using the Help button on the bottom right of each page!

e-CFR data is current as of August 4, 2020

Title 49Subtitle BChapter XIISubchapter BPart 1520 → §1520.9


Title 49: Transportation
PART 1520—PROTECTION OF SENSITIVE SECURITY INFORMATION


§1520.9   Restrictions on the disclosure of SSI.

(a) Duty to protect information. A covered person must—

(1) Take reasonable steps to safeguard SSI in that person's possession or control from unauthorized disclosure. When a person is not in physical possession of SSI, the person must store it a secure container, such as a locked desk or file cabinet or in a locked room.

(2) Disclose, or otherwise provide access to, SSI only to covered persons who have a need to know, unless otherwise authorized in writing by TSA, the Coast Guard, or the Secretary of DOT.

(3) Refer requests by other persons for SSI to TSA or the applicable component or agency within DOT or DHS.

(4) Mark SSI as specified in §1520.13.

(5) Dispose of SSI as specified in §1520.19.

(b) Unmarked SSI. If a covered person receives a record containing SSI that is not marked as specified in §1520.13, the covered person must—

(1) Mark the record as specified in §1520.13; and

(2) Inform the sender of the record that the record must be marked as specified in §1520.13.

(c) Duty to report unauthorized disclosure. When a covered person becomes aware that SSI has been released to unauthorized persons, the covered person must promptly inform TSA or the applicable DOT or DHS component or agency.

(d) Additional Requirements for Critical Infrastructure Information. In the case of information that is both SSI and has been designated as critical infrastructure information under section 214 of the Homeland Security Act, any covered person who is a Federal employee in possession of such information must comply with the disclosure restrictions and other requirements applicable to such information under section 214 and any implementing regulations.

Need assistance?