Privacy
 
Welcome to the Bonneville Power Administration (BPA) Privacy Office.
Our principal objective is to protect the privacy of individuals and provide centralized resources, oversight and enforcement for privacy-related activities to advance BPA’s business mission.
 
We collaborate with offices across BPA to ensure that privacy considerations are addressed at every level of the organization. We use the principles outlined below as our policy framework to enhance privacy protections and ensure compliance with the Privacy Act, the E-Government Act, The Federal Information Security Management Act (FISMA), the Paperwork Reduction Act (PRA), Office of Management and Budget (OMB) guidance, Department of Energy (DOE) directives and BPA policies.
Privacy Principles
  • Transparency: BPA provides notice – through Privacy Act statements, privacy notices and website notifications – to individuals whose personally identifiable information (PII) is collected, used, maintained and disseminated by BPA.
  • Purpose Specification: BPA collects PII only when it is needed to meet a specific business purpose.
  • Data Minimization: BPA collects only PII that is directly relevant and necessary to accomplish the purpose for which it was collected.
  • Access/Use Limitation: Only BPA employees who need PII to conduct their official duties are granted access to PII. The PII must be used only for the specific purpose for which it was collected.
  • Accuracy: BPA has enacted appropriate safeguards to ensure the thoroughness, completeness and accuracy of PII collected and maintained by BPA. BPA also provides a mechanism for individuals to access and correct PII maintained by BPA.
  • Security: BPA protects PII through appropriate security safeguards against risks such as loss, unauthorized access or use, destruction, modification and unintended or inappropriate disclosure.
  • Accountability and Auditing: BPA is accountable for complying with these principles, for providing privacy education and training to all BPA federal and contract employees and for auditing actual use of PII to demonstrate compliance with applicable privacy protection requirements.
 
 
Functions of the Privacy Office
  • Develop and implement privacy policy compliant with controlling federal laws and regulations, DOE directives and BPA policies.
  • Serve as BPA’s focal point for privacy matters.
  • Provide policy guidance and assistance to offices throughout BPA in the execution of their privacy responsibilities.
  • Review all new and existing laws, regulations and policies that may affect our privacy obligations.
  • Audit all collections of PII and assess privacy risk.
  • Collaborate with offices throughout BPA to conduct Initial Privacy Evaluations (IPE) and Privacy Impact Assessments (PIA).
  • Centralize FOIA and Privacy Act operations to provide policy and programmatic oversight.
  • Operate a Privacy Incident Response Program, in collaboration with BPA Cyber Security, to ensure that incidents involving PII are properly reported, investigated and mitigated.
  • Ensure BPA complies with DOE’s privacy reporting requirements.
  • Provide training, education and outreach to build a culture of privacy across BPA and to advance transparency to our customers and the public.

Frequently Asked Questions

 

What is Personally Identifiable Information (PII)?

The definition of PII is broad. PII includes any information collected or maintained by the Bonneville Power Administration about any individual. This includes:

  • Information that can be used to distinguish or trace an individual, such as name, Social Security number, and biometric data, and
  • Information about a person’s past or present status or activities, such as education, medical history, criminal history, or employment history.

Sensitive PII is PII that must be protected against loss because improper disclosure could result in substantial harm, embarrassment, inconvenience or unfairness to an individual. Improper disclosure includes loss, theft, and unauthorized release or sharing.

Sensitive PII: Examples

  • Social Security number or last four digits
  • Medical history and conditions
  • Credit card and financial account numbers (personal and government)
  • Driver’s license, state ID and passport number
  • Education
  • Height and weight
  • Workplace performance and disciplinary history
  • Employment history and information

Non-sensitive PII is information that is often publicly available, and its dissemination is unlikely to lead to harm. Keep in mind that you should exercise care when handling any kind of PII.

Non-sensitive PII: Examples

  • Name
  • E-mail address
  • Home address
  • Phone number
  • HRMIS ID
  • BUD login

Can PII be sensitive in some cases and not in others?

Context matters. Some kinds of PII are always considered sensitive, including Social Security numbers, birth dates, and biometric identifiers like fingerprints. Other categories of PII are sensitive in certain contexts. For example:

  • A list of employee names attending a meeting would be non-sensitive. A list of employee names facing disciplinary action would be sensitive because it is potentially harmful or embarrassing.
  • Identifiable photographs are PII, but the sensitivity cannot be predicted because it depends on both content and context.

What other kinds of things are PII?

Many other things may be PII; the lists above are not exhaustive and only contain examples. Remember, PII includes any information that meets the definition above, and sensitivity always depends on context.


Who has the authority to collect and maintain PII at BPA?

Only BPA employees with a need for PII to conduct their job duties may collect or maintain PII about members of the public or other BPA federal or contract employees.

The Privacy Act imposes civil and criminal penalties on any employee of an agency who willfully discloses PII held in a Federal System of Records (SOR) to any person or agency not entitled to receive it.


What are the risks if PII is misused?

The individual whose PII was the subject of the misuse and the organization that maintained the PII may experience some degree of adverse effects. Depending on the type of information involved, an individual may suffer social, economic or physical harm. If the information lost is sufficient to be exploited by an identity thief, for instance, the person may suffer from a loss of money, damage to credit, a compromise of medical records, threats, or harassment. The individual may also suffer from significant losses of time and money to address the damage. Other potential harms include embarrassment, improper denial of government benefits and discrimination.

Organizations may experience harm as a result of a loss of PII maintained by the organization. Harm may include remediation costs, financial losses, loss of public reputation and public trust, and legal liability.


What is different about protecting PII compared to protecting other data?

In many cases, protection of PII is similar to protection of other data and includes protecting the confidentiality, integrity and availability of the information. Most security controls used for other types of data are also applicable to the protection of PII. For PII, there are several privacy-specific safeguards, such as anonymization, minimization of PII collection and de-identification.

In addition to protection requirements for PII, there are other requirements for handling PII. The Fair Information Practices – established by the Privacy Act – advance best practice guidelines, such as purpose specification, use limitation, accountability and data quality.

Breaches to the confidentiality of PII have the potential to harm both the organization and the individual. Harm to individuals is of increased concern because of the magnitude of potential harm, such as identity theft, embarrassment and denial of benefits.

How does BPA ensure PII is adequately protected?

BPA’s Privacy Office inventories and audits all collections of PII, utilizing Initial Privacy Evaluations (IPE) and Privacy Impact Assessments (PIA) to assess privacy impact and risk. The Privacy Office works in conjunction with IT and Cyber Security to ensure appropriate technical safeguards are in place to protect PII in electronic systems. Additionally, the Privacy Office promotes privacy education and awareness and works with individuals and offices across the agency to ensure adequate protection of PII.

What is the Privacy Act?

The Privacy Act of 1974 mandates how federal agencies maintain PII, i.e., records that uniquely define an individual. The basic provisions of the Act require government agencies to:

  • Collect only PII that is relevant and necessary to carry out an agency function.
  • Limit access to PII to only those agency employees with a need for the information to conduct their official job duties.
  • Maintain no secret records on American citizens or lawful permanent residents.
  • Explain, at the time the information is collected, why it is needed and how it will be used.
  • Ensure that the records are used only for the reasons given, or seek permission from the subject individual when use for another purpose is considered necessary.
  • Provide adequate safeguards to protect the records from unauthorized access and disclosure.
  • Allow individuals access to their records and provide individuals the opportunity to correct inaccuracies in their records.
  • Allow individuals to find out about disclosures of their records to other agencies and persons.


What Information is covered under the Privacy Act?

Privacy Act records are records about individuals that are regularly retrieved by personal identifiers, such as a name or a unique identification number. Most of BPA’s Privacy Act records concern employees, and include, for instance, personnel records, official government travel records, and training records. Privacy Act records are grouped into Privacy Act Systems of Records.


What is a System of Records (SOR)?

A System of Records is a group or category of Privacy Act records under the control of a Federal government agency. A list of SORs utilized by BPA can be viewed here.


What is a System of Records Notice (SORN)?

A System of Records Notice (SORN) is a description of any Privacy Act SOR. SORNs generally describe the who, what, where and why of a system and describe the processes for individuals to access or contest the information being held about them in that system. SORNs also describe how the records in that system are used by BPA, and the circumstances under which BPA can disclose the records to third parties. SORNs are required to be published in the Federal Register.


What is a Privacy Impact Assessment (PIA)?

A Privacy Impact Assessment is an analysis of how PII is collected, maintained, used and disseminated by a BPA program or system as well as the risks associated with the collection of information. PIAs are required to be made available to the public. Current BPA PIAs will be viewable on this page soon.


How do I submit a privacy complaint?

If you wish to submit a privacy complaint concerning a BPA program, policy or action, please contact the BPA Privacy Office.
Email: privacy@bpa.gov
Phone: 503-872-7740


How do I submit a FOIA or Privacy Act amendment request?

To submit a FOIA or Privacy Act amendment request, follow the instructions outlined here.

Who can I contact if I have additional questions about privacy at BPA?

If you have additional questions regarding BPA’s privacy program, you may contact the Privacy Office.
Email: privacy@bpa.gov
Phone: 503-872-7740


Where can I find more about federal information privacy requirements?

Office of Management and Budget – Privacy Related Memoranda
Department of Energy Privacy Program
Department of Justice Office of Privacy and Civil Liberties

Contact Information

Department of Energy Senior Agency Official for Privacy
Rocky Campione
Rocky.compione@hq.doe.gov

Department of Energy Chief Privacy Officer
Ken Hunt
Ken.hunt@hq.doe.gov

BPA Privacy Act Officer
Candice D. Palen
cdpalen@bpa.gov

For Information, Please Call: 503-872-7740

If you have additional questions regarding BPA’s privacy program or wish to submit a privacy complaint concerning a BPA program, policy or action, please contact the BPA Privacy Office.
Email: privacy@bpa.gov
Phone: 503-872-7740