|
|
|
What is Privacy?
| What is the Privacy Act? | Privacy
Act Core Requirements | Who is Responsible
for Complying with the Law? | Why Me?
| Bureau/Office Contacts
Most employees are involved
with managing information -- including information about individuals. Do you
maintain files about individuals? Develop or use a database which includes names
of people, even a small one residing on your own computer? Develop surveys,
forms or questionnaires? Develop a web site and collect information from
it? If so, it is important to be aware of your part in being stewards
of the information entrusted to you by the public and other employees and also
be aware of your rights as a citizen.
Part of that stewardship is ensuring that Privacy Impact Assessments are completed when considering the collection of information on individuals or managing a database with information on individuals. (See information below).
What is Privacy?
Privacy is the right to be let alone and to control the conditions under which information pertaining to you is collected, used and disseminated.
What is the Privacy Act?
The purpose of the Privacy Act is to balance the Government's need to maintain information about individuals with the rights of the individual to be protected against unwarranted invasions of their privacy.
The Privacy Act establishes special requirements for the Executive Branch of Government when collecting, creating, maintaining, and distributing records that can be retrieved by the name of an individual, or other identifier (whether in paper or electronic form). It applies to information on individuals.
Privacy Act Core Requirements
The Privacy Act core requirements provide for:
|
|
Limitations
on the collection, use and dissemination of personally identifiable
information about an individual. |
|
|
Disclosure
restrictions to third parties. |
|
|
Access
and amendments rights of the individuals who are subjects of the files. |
|
|
Notification
to the public of collections of information on them (forms and web sites),
and record systems (Federal Register Privacy System Notice. Secret
records on individuals cannot be maintained. |
|
|
Maintenance requirements:
|
Additional Privacy Act core requirements include:
|
|
Interagency data sharing requirements There are requirements when matches are made with another Federal or state government agency when matches are used to verify an initial eligibility for federal benefits programs. (See DOI Acquisition Regulations DIAR 1452.224-1) |
Who is Responsible for Complying with the Law?
Agency and bureau managers, Privacy Act Officers, systems managers -- and you!
Why Me?
Ask yourself these questions:
|
|
Do
you handle information on individuals? |
|
|
Respond
to requests for information in a system of records, or about individuals? |
|
|
Collect
information and file it by name or ID? |
|
|
Manage a database with information on individuals? |
Employee Privacy Act Responsibilities
Employees who handle information
on individuals should become familiar with the Departmental guidelines
on the Privacy Act and privacy protection. Become familiar with the most common
Privacy Act situations so you will be alerted to potential problems before they
arise.
The Privacy Impact Assessment
(PIA) is a checklist now required by the E-Government Act of 2002 that should
be used when designing and developing a new or amended information system that
contains information on individuals. The purpose of the PIA is to ensure that privacy
protections and Privacy Act requirements are considered in information systems.
PIAs should be considered with new electronic
information collections from the public, collections of information from websites,
creation of new databases or amendments of others, and use of new technology
that may impact individuals.
For more information see
the following links:
o
OMB
guidelines on The E-Government Act of 2002, Sec. 208 on Privacy Provisions (see
Privacy Impact Assessment requirements) http://www.whitehouse.gov/omb/memoranda/m03-22.html.
o
Department
of the Interior Privacy Impact Assessment http://www.doi.gov/ocio/privacy/
Links to Guidelines and References
References
and Guides on the Privacy Act
Guidelines on Web Site Privacy Requirements
Guides on Privacy Plans and Assessments
Other Laws and Guidelines that Support the
Privacy Act
BLM Managing Records Responsibly (Course 1220-05)
Contact the Privacy Specialists
This information is not intended to make you a specialist on Privacy Act matters, but just increase your awareness of your role and privacy issues. DOI has established a network of Privacy Act Officers at the bureau/office level who are available to help you deal with Privacy Act questions and problems.
If you have any questions on whether the Privacy Act applies in a situation, contact your bureau/office Privacy Act Officer or Specialist.
Even though information on individuals
may not be filed by a name or other identifier and then not covered by the Privacy
Act, other laws such as the Freedom of Information Act (FOIA) apply in protecting
privacy. For example FOIA Exemption 6 and 7(C) are exemptions addressing the
protection of personal information. DOI
FOIA Officers can answer questions with a privacy concern.
|
Content
provided by:
Marilyn Legnini
DOI Privacy Act Officer
MS-5312, MIB
1849 C Street, N.W.
Washington, DC 20240
Phone: (202) 219-0868
Fax: (202) 501-2360
