Department of the Interior logo; link to DOI home page

 Link to home page Link to Welcome section Link to The Big Picture section Link to Learning the Ropes Section Link to Search This Site SectionOrientation to the U.S. Department of the Interior

Employee Privacy Act Responsibilities

 

Safeguarding Privacy Act Records  |  Disclosing Privacy Act Information to Others  |  Collecting Personal Information  |  Access to Records and Amendment Requests  
   

Employees who handle information on individuals should become familiar with the Departmental guidelines on the Privacy Act and privacy protection. Below are some situations which may require knowledge of Privacy Act procedures. Remember when in doubt contact your Privacy Act specialist.

Safeguarding Privacy Act Records
  
Consider how you handle the information you work with, and what measures you need to take to safeguard the personal information that you have about others in your possession
  
If you are creating new records systems or database privacy plans and procedures have to be in place. Contact your Privacy Act specialists to discuss how the information can be protected from the collection to disposal process
  
The Department has guidelines on "Safeguarding of Privacy Act Records" at 383 DM Ch. 8
  
Safeguard requirements cover (1) physical security measures, (2) information management practices, and (3) computer system/network security

Disclosing Privacy Act Information to Others
  
Be careful that personal information is not disclosed to anyone unless that individual has received prior permission to see the information from the subject of the record, or disclosures of the record are authorized by law
  
Contact your Privacy Act Officer for questions on appropriate disclosure procedures.
  
Only employees who have a legitimate need for the record in the performance of their duties have access to the information under the law
  
Even if you may have legitimate access, sharing information on individuals to others who do not have a legitimate need to know the information and would not have access to this information otherwise is a violation of the law for which there are legal penalties

Collecting Personal Information
   
Employees must collect only personal information from an individual that is relevant and necessary to accomplish and authorized agency function
  
When personal information is collected you must inform the individual in writing of the:
  • Legal authority
  • Purpose for collecting it
  • What related uses will be made of this information
  • Whether a response is mandatory or voluntary, and
  • What will be the effect if they refuse to respond

The information above is usually provided on a form given to the person providing the information.
   
Note: It is required on both paper and electronic forms - Something to think about if you are posting web forms on the Internet. Contact your Information Collection Officer and Privacy Act Officer.

   
Access to Records, and Amendment Requests
   
When the subject of the file requests to inspect or obtain information that is in a Privacy Act System of Records there are certain procedures which must be followed by authorized employees. Contact the system manager of the file or database, or your Privacy Act Coordinator. Refer to the Department manual section on the Privacy Act at 383 DM Ch. 6.
  
Not all information in a Privacy Act System are made available to the subject of the file. There are Privacy Act exempted records which are listed in the Department regulations on the Privacy Act at 43 CFR 2.79.
There are also specific procedures for someone requesting to amend their file. Contact the system manager of the file or database, or your Privacy Act Coordinator. Instructions on amendment of records requests are in 383 DM Ch. 6.

Divider

 

 

Link to Privacy Statement Link to Disclaimer Link to Acceptable Use Policy Link to Photographics Credits Link to FeedbackLinks to feedback, credits, acceptable use, disclaimer, and privacy