Overview

    NASA places a high priority on protecting information in identifiable form that is collected, used, maintained, and disseminated by the Agency. In so doing, the Agency's policies for the protection of such information are responsive to numerous statutory requirements and oversight guidance provided by the Office of Management and Budget (OMB) memoranda and circulars.

    NASA Privacy Policies and Plans

    • NASA Privacy Procedural Requirements— NASA NPR 1382.1 →
    • NASA Procedures for Breach of PII – ITS-HBK-2810.09, 02, Appendix I
    • NASA PII Breach Notification Procedure

      Did You Know that all IT Security incidents involving the breach of personally identifiable information (PII), whether in electronic or physical form, must be reported to the Security Operations Center (SOC) immediately upon discovery. It doesn’t matter if the breach is suspected or confirmed.

      Sample Scenario:
      NASA worker loses her laptop. She reports it to the SOC.

      A person at the SOC receives it and replies, asking relevant questions. SOC personnel report it, in accordance with government requirements. They will then work with NASA Center personnel to conduct mitigation actions as appropriate.

    • NASA Rules and Consequences Policy Relative to Safeguarding Personally Identifiable Information (PII), ITS-NITR-1382-2 (PDF, 128K)

    NASA Officials for Privacy Related Matters

    NASA Privacy Program Manager:
    Bryan McCall
    NASA Office of the Chief Information Officer
    NASA Headquarters
    Washington, DC 20546-0001
    Contact: 202-358-1767

    NASA Agency Privacy Act Officer:
    Patti F. Stockman
    NASA Office of the Chief Information Officer
    NASA Headquarters
    Washington, DC 20546-0001
    Contact: 202-358-4787

Reports