123STA T . 21 85PUBLIC LA W 111 – 83 —O CT. 28 , 2 0 0 9phot o gra ph w o ulden danger ci ti z en s o f the U nited S tates ,m em -b ers of the United States A rmed F orces, or emplo y ees of the United States G o v ernment deployed outside the United States .(2)CERTIF I CA TI ON E XP IRATION. — A certification and a renewal of a certification issued pursuant to subsection (d)( 3 ) shall e x pire 3 years after the date on which the certification or renewal, is issued by the Secretary of D efense. (3) CERTIFICATION RENE W A L .— T he Secretary of Defense may issue— (A) a renewal of a certification at any time
and ( B ) more than 1 renewal of a certification. ( 4 ) N OTICE TO CON G RE S S.—The Secretary of Defense shall provide Congress a timely notice of the Secretary ’ s issuance of a certification and of a renewal of a certification. (e) RU LE OF CONSTRUCTION.—Nothing in this section shall be construed to preclude the voluntary disclosure of a protected docu- ment. (f) E FFECTI V E DATE.—This section shall ta k e effect on the date of enactment of this Act and apply to any protected document. SEC. 56 6. The administrative law j udge annuitants partici- pating in the Senior Administrative L aw J udge P rogram managed by the Director of the O ffice of Personnel M anagement under section 3323 of title 5, United States Code, shall be available on a tem- porary reemployment basis to conduct arbitrations of disputes as part of the arbitration panel established by the President under section 6 0 1 of division A of the American Recovery and Reinvest- ment Act of 200 9 (Public Law 111 – 5; 123 Stat. 164). SEC. 56 7 . (a) I N GENERAL.—Any company that collects or retains personal information directly from individuals who partici- pated in the Registered Traveler program shall safeguard and dis- pose of such information in accordance with the re q uirements in— (1) the National Institute for Standards and Technology Special Publication 8 00–30, entitled ‘ ‘Risk Management Guide for Information Technology Systems’’; and (2) the National Institute for Standards and Technology Special Publication 800–53, Revision 3, entitled ‘‘Recommended Security Controls for Federal Information Systems and Organizations,’’; (3) any supplemental standards established by the Assist- ant Secretary, Transportation Security Administration (referred to in this section as the ‘‘Assistant Secretary’’). (b) CERTIFICATION.—The Assistant Secretary shall require any company through the sponsoring entity described in subsection (a) to provide, not later than 30 days after the date of the enactment of this Act, written certification to the sponsoring entity that such procedures are consistent with the minimum standards established under paragraph (a)(1–3) with a description of the procedures used to comply with such standards. (c) REPORT.—Not later than 90 days after the date of the enactment of this Act, the Assistant Secretary shall submit a report to Congress that— (1) describes the procedures that have been used to safe- guard and dispose of personal information collected through the Registered Traveler program; and (2) provides the status of the certification by any company described in subsection (a) that such procedures are consistent Deadlin e .Ap pli c a b ili ty .
