Effective Date: 10/10/84

Series: Administrative Services

Part 383: Public Access to Records

Chapter 8: Safeguarding of Privacy Act Records

Originating Office: Office of Information Resources Management

383 DM 8

8.1 Purpose. This chapter describes procedural requirements for the maintenance of appropriate administrative, technical, and physical safeguards for records subject to the Privacy

Act. These requirements are established to insure the security and confidentiality of records and to protect against hazards to their integrity. Proper safeguarding practices are intended to protect individuals on whom records are maintained in records systems subject to the Act from substantial harm, embarrassment, inconvenience, or unfairness.

8.2 Sensitivity of Information. Sensitivity of personal information in records contained in systems of records subject to the Act may vary from one system to another. The safeguarding standards for automated and non-automated records listed in the paragraphs below are the minimum standards specified in the Department's regulations (43 CFR Part 2, Subpart D, Section 2.51). Bureaus should implement more stringent safeguards for systems of records containing especially sensitive information.

8.3 Non-Automated Records. When maintained in hard copy (non-automated) form, records subject to the Privacy Act shall be safeguarded in a manner commensurate with the sensitivity of the information contained in the system of records. The following minimum or comparable safeguards are applicable to Privacy Act systems of records containing sensitive information.

• Records system areas shall be posted with warnings to include access limitation, standards of conduct for employees in handling Privacy Act records (383 DM 9), and possible criminal penalties for violations. A standardized Departmental "Privacy Act Notice" has been developed for this purpose as shown in Illustration 1 to this chapter. The notice may be reproduced locally, and a camera copy for local duplication is available for the Departmental Privacy Act Officer, Office of Information Resources Management.



• At all times, access to records should be restricted by storing the records in a locked metal file cabinet or locked room, except when the room is occupied by authorized personnel.



• Where a locked room is the method of security, steps should be taken to assure that master keys are not available to unauthorized personnel.

8.4 Automated Records. Records subject to the Act that are maintained in automated data processing form shall be subject to safeguards based on recommendations of the National Bureau of Standards contained in "Computer Security Guidelines for implementing the Privacy Act of 1974" (FIPS Pub. 41, May 30, 1975). Data protection safeguarding procedures must be developed in the categories of:

• Physical security measures for protecting the physical assets of a system and related facilities against environmental hazards or deliberate actions;



• Information management practices and procedures for collecting, validating, processing, controlling, and distributing data; and



• Computer system/network security techniques available in the hardware and software of a computer system or network for controlling the processing of and access to data and other assets.

8.5 Office of Personnel Management Personnel Records. Records maintained for the office of Personnel Management by the Department and used for the personnel management programs or processes shall be maintained under security requirements prescribed in OPM regulations (5 CFR 293).

8.6 Employee Earnings and Leave Statements. To ensure the protection of employee earnings and leave information, such statements will be: (a) printed on a privacy-type, multiple-part, pull-apart form (so that only the employee's identification appears on the first sheet). (b) distributed in sealed envelopes, or (c) mailed to the employee.

8.7 Transfer of Privacy Act Records. Appropriate safeguards must be taken when records subject to the Privacy Act are transferred within or outside the agency. Steps must be taken to assure the integrity and confidentiality of the records while in transit. When records are transferred to a Federal Records Center (FRC), the appropriate use restrictions applicable to the records must be specified on the transfer form. See 384 DM 4 for instructions and guidelines concerning the transfer of records. Records subject to the Privacy Act which are transferred to an FRC remain under the jurisdiction of the transferring agency and are subject to the applicable requirements of this Part 383 DM and the Department's regulations (43 CFR 2, Subpart D) until their destruction. The records of disclosures as described in 383 DM 7.7 which pertain to the Privacy Act records being transferred should be included in the transfer.

8.8 Disposal of Privacy Act Records. Records subject to the Privacy Act must be disposed of in accordance with the provisions of National Archives and Records Administration regulations, 36 CFR 1228.74. Those regulations require the disposal of such records as prescribed below. No other form of destruction is authorized. Additional general guidance on the disposal of records is provided in 384 DM 1.

• Records may be burned, shredded or pulped within the organization.



• Records may be pulped, macerated, or shredded by a wastepaper contractor, however, a Federal employee must witness the destruction. If authorized by the organization that created the records, a contractor employee may witness the destruction, provided that the following requirements are met. Contracts or agreements for the disposal of records subject to the provisions of the Privacy Act must prohibit the resale of the materials for use as records or documents, and must cite the civil and criminal provisions of the Privacy Act for improper safeguarding of the records until their destruction.



• FRC personnel will handle and witness the destruction of records in their possession.

383 DM 8

Illustration 1

NOTICE!

1. ACCESS TO THESE RECORDS IS LIMITED TO

AUTHORIZED PERSONS ONLY!

2. INFORMATION MAY NOT BE DISCLOSED FROM THIS FILE UNLESS PERMITTED PURSUANT TO

43 CFR 2.56.

3. THESE RECORDS MAY NOT BE ALTERED OR DESTROYED EXCEPT AS AUTHORIZED BY

43 CFR 2.52.

4. THE PRIVACY ACT CONTAINS PROVISIONS FOR CRIMINAL PENALTIES FOR KNOWINGLY AND WILLFULLY DISCLOSING INFORMATION FROM THIS FILE UNLESS PROPERLY AUTHORIZED.