![]() |
||||||
|
||||||
Frequently Asked Questions - General InformationThe Privacy Act of 1974 is a code of fair information practices which mandates how Government agencies, such as OSD, shall maintain records about individuals. The Privacy Act requires that Government agencies: collect only information that is relevant and necessary to carry out an agency function; maintain no secret records on individuals; explain at the time the information is being collected, why it is needed and how it will be used; ensure that the records are used only for the reasons given, or seek the person's permission when another purpose for their use is considered necessary or desirable; provide adequate safeguards to protect the records from unauthorized access and disclosure; allow people to see the records kept on them and provide them with the opportunity to correct inaccuracies in their records.Does the Privacy Act apply to all Government records? No. The Privacy Act only applies to Government records that: contain information on individuals; are maintained by a Government agency or its contractors in a system of records; and are retrieved by a personal identifier, such as a person's name, Social Security Number, medical record number or other unique identifier.Does the Privacy Act apply to all records maintained about individuals? No. The Privacy Act only applies to U.S. citizens or lawful permanent resident aliens and only to Government records that meet the requirements outlined in item 2 above. The Privacy Act does not apply to deceased persons.How does the Government inform the public about the record systems that are covered by the Privacy Act? The Government informs the public about record systems covered by the Privacy Act by publishing notices in the Federal Register. The record systems are referred to as Privacy Act systems of records and the notices provide a description of particular systems of records.What are an individual's basic rights and the agency employees' responsibilities under the Privacy Act? The following is a summary of an individual's rights and the OSD employee responsibilities under the Privacy Act regarding:
What can I do to meet my Privacy Act responsibilities? If the Privacy Act is to achieve its objectives, there must be cooperation by every employee and contractor who works with records containing individually identifiable information. In the course of your work you become a steward of the information entrusted to you. In order to meet the responsibilities of this stewardship, there are certain steps you should to take: a. Learn the requirements of the Privacy Act and how they relate to your particular job. This can be accomplished through formal training, on-the-job training, discussions with your supervisor, and reading. Acquaint yourself as much as possible with the Privacy Act policies and procedures that apply to the information that you work with day-to-day. b. Consider how you handle the information you work with, and what measures, if any, you need to take to safeguard the personal information that you have about others in your possession. c. Certain OSD staff has been specially trained in the requirements of this law and they are available to assist you. Your supervisor can give the name of your nearest Privacy Act official. d. Respond promptly to requests for information by quickly referring such requests to the responsible OSD Privacy Act official. Learn the procedures used for Privacy Act requests and follow them when requests for information are received. e. Be careful that personal information is not disclosed to anyone unless that individual has received prior permission to see the information from the subject of the record, or disclosures of the record are authorized by law. The Privacy Act authorizes disclosure of an OSD Privacy Act record to OSD employees who have a legitimate need for the record in the performance of their duties.Does the Privacy Act apply to all OSD employees? Yes. As an OSD employee you "wear two hats." On the one hand you are an individual citizen who is entitled to the full protection and rights afforded by the Privacy Act. On the other hand, you are a Federal employee who works with records containing personal information and who shares some responsibility in carrying out the requirements of the law. Unless you are a Privacy Act system manager or designee, you should never disclose information subject to the Privacy Act from the records in your care or allow unauthorized persons access to such records. The seriousness of this responsibility is evident from the penalties the Privacy Act imposes for knowing and willful violations of the law. Fines up to $5,000 can be imposed by the courts for willfully disclosing personal information that should not be released under the Privacy Act. Disciplinary actions may include reprimand, suspension, or termination of employment.Does the OSD have any Privacy Act Systems of Records? Yes. The OSD Privacy Act systems of records may be found at the following site: http://www.defenselink.mil/privacy/notices/osd/What does it mean to make a routine use disclosure from a Privacy Act System of Records? A routine use disclosure from a Privacy Act system of records permits disclosures of information from a record to requestors outside OSD without the consent of the individual to whom the record pertains. Routine use disclosures must be consistent with the purpose(s) for which the information was collected and must be published in the Federal Register. Routine use disclosures are not mandatory. They are optional disclosures made at the discretion of the appropriate Privacy Act System Manager or his/her designee. Agencies must keep an accounting of all disclosures made pursuant to a routine use.Does the Privacy Act apply to contractors? Yes, whenever a contractor establishes or maintains a system of records to carry out a function of OSD.What is "Personally Identifiable Information (PII)? Please see "Personnel 'Hilites' - Winter 2009." |
||||||
DoD CIO - PRIVACY ACT IMPACT ASSESSMENTS | E-GOVERNMENT ACT | PRIVACY & SECURITY | DISCLAIMER |