Nuclear Regulatory Commission--Availability of Appropriations for Credit Monitoring Services
B-310865, Apr 14, 2008
If the Nuclear Regulatory Commission were to mistakenly disclose to the public personally identifiable information of an employee or private citizen, its appropriation is available to pay for credit monitoring services as long as the Commission determines that it is necessary under the particular circumstances. In making such a determination, the Commission should be guided by the risk-based, tailored approach outlined by the Office of Management and Budget. Such an expenditure would be consistent with statutory breach notification and mitigation requirements and, notwithstanding any collateral personal benefit to an employee or individual, would be a necessary expense of the agency.