§ 3566. Privacy protections
Any nongovernmental entity that, in the course of recovery auditing or recovery activity under this subchapter, obtains information that identifies an individual or with respect to which there is a reasonable basis to believe that the information can be used to identify an individual, may not disclose the information for any purpose other than such recovery auditing or recovery activity and governmental oversight of such activity, unless disclosure for that other purpose is authorized by the individual to the executive agency that contracted for the performance of the recovery auditing or recovery activity.