Department of the Interior
Departmental Manual
Effective Date: 12/9/85
Series: Information Resources Management
Part 383: Public Access to Records
Chapter 4: Privacy Act - Management of Systems of Records
Originating Office: Office of Information Resources Management
|
This chapter has been given a new release number.* No text changes were made. |
383 DM 4
4.1 Purpose. This chapter defines required and optional system management activities for implementing the Privacy Act of 1974 (5 U.S.C. 552a) and the Departmental regulations (43 CFR Part 2, Subpart D).
4.2 Basic Requirement. The Privacy Act sets forth basic responsibilities and requirements pertaining to records maintained in systems of records accessible by an individual=s name, code, symbol, or other identifier. Each bureau must ensure that its system of records are identified and administered in accordance with the Privacy Act.
4.3 New Systems of Records and New Uses for Established Systems of Records. Each bureau shall ensure that all supervisors and employees with the authority to establish or modify records systems are aware of the system notice requirements of the Privacy Act. Plans to establish or to modify such systems must be reported to the Departmental Privacy Act Officer in the format set forth by OMB Circular No. A-130 at least 90 days before implementation (see 383 DM 5).
4.4 General Management. Each bureau shall establish its own program and practices for the implementation of the Privacy Act, except that such programs shall conform to and incorporate the following Departmental requirements.
A. Bureau Privacy Act Officer. The Department=s Privacy Act regulations require the designation of a Privacy Act Officer in each bureau and require such designee or the bureau head to concur in denials of requests for notification, access, or amendment. The Bureau Privacy Act Officer shall be the primary contact between the Departmental Privacy Act Officer and the bureau, for Privacy Act activities.
B. Privacy Act Coordinators. Each Secretarial and Departmental office shall designate a Privacy Act Coordinator to coordinate Privacy Act matters in that office. Because of the size of some Secretarial and Departmental offices, it may not be practical for the Privacy Act Coordinator to be fully informed on all the requirements of the Act. In such cases, the Departmental Privacy Act Officer may be consulted for guidance except on denials which may be appealed (see 383 DM 6.8B).
C. System Manager. The Privacy Act requires that the official who is responsible for the system of records be named in the system notice (see definition of Asystem of records@ in 383 DM 1.4C). This official is designated as the Asystem manager.@ Departmental regulations specify that denials of notification, access or amendment can only be made by the system manager, after concurrence by the Bureau Privacy Act Officer or bureau head. These assignments exist within the more general Departmental and bureau programs for implementing the Privacy Act and do not vest the sole responsibility for Privacy Act matters and implementation in the systems manager.
D. System Guidelines. Other chapters in this Part provide for the development of specific guidelines for some systems of records. While many aspects of the Privacy Act can be implemented through bureauwide instructions, there may be a need for specific guidelines for certain records systems (i.e., those that involve a number of locations). Such guidelines should be established as part of the bureau=s formal instruction system and should cover the characteristics unique to the system of records.
E. Departmentwide Systems of Records. Systems of records established on a Departmentwide basis are the responsibility of the Departmental office that establishes the system. Assignments to the bureaus, and guidelines and instructions covering the Departmentwide systems of records (including accounting and reporting) may be prepared by the responsible Departmental office and issued in appropriate directives or as chapters in this Part of the Departmental Manual. Bureaus whose records are covered by such notices are responsible to notify the pertinent Departmental office when any item described in the system notice requires revision.
4.5 Efficiency and Responsiveness. While the Privacy Act establishes some rules for the administration of systems of records, it does not inherently impose massive requirements for extra procedures and practices. Many of the Act=s requirements are merely those which any responsible office keeping records of a personal nature should observe. Further, the more open the access policies of the agency, with regard to the individuals who are the subjects of the records, the less the individuals need to invoke the access provisions of the Act, thereby generating reporting and other activities under the Act. Finally, the procedures for recording disclosures, informing individuals when gathering information, and reporting activity and new uses can be facilitated if the Act=s requirements are properly considered in the planning and design phase when revising or establishing new systems of records.
4.6 Use of Contractors. When a contract provides for the operation of a system of records to accomplish a Department function, the contractor shall be required to observe all the rules and abide by the provisions of the Privacy Act and the Department=s regulations published in 43 CFR Part 2, Subpart D.
A. In entering into such contracts issued pursuant to the Federal Acquisition Regulation (FAR), 48 CFR, the provisions of FAR Subpart 24.1 as supplemented by Department of the Interior Acquisition Regulation (DIAR), 48 CFR, Subpart 1424.1, will be followed.
B. In any other contractual arrangements with non-Federal entities which provide for the operation of a Privacy Act system of records to accomplish a Department function, requirements comparable to the FAR and DIAR clauses referenced above will be included in the document effecting the arrangement.
C. In both contracts issued pursuant to the FAR and DIAR, and in contractual arrangements referenced in 4.6B above, a regular employee of the bureau will be designated to be the system manager for the records operated by the contractor.
4.7 Information Collection Requirements.
A. Specific notification must be provided to individuals who are asked to provide information about themselves which will be used in a system of records. The form or other instrument used to collect the information must contain the information listed below. Also, forms which collect such information from the public must be approved by the Office of Management and Budget (see 381 DM 12). Specialized inserts in forms, statements for attachment, and/or interview handouts should be developed for each system to advise the individual on:
(1) The authority (statute or Executive Order) authorizing the solicitation of the information and whether disclosure of such information is mandatory, voluntary, or required to obtain a benefit;
(2) The principal purpose or purposes for which the information is intended to be used;
(3) The routine uses that may be made of the information; and
(4) the effects on the individual, if any, of not providing all or any part of the requested information.
B. The information noted above that must be provided to individuals can be derived from the description contained in the notice describing the system of records. See 383 DM 4.3 above and 383 DM 5 for requirements regarding systems of records notices which must be published in the Federal Register.
*
12/9/85 #3450
Replaces 12/9/85 #2659