Aeronautics and Space
This part 1212 implements the Privacy Act of 1974, as amended (5 U.S.C. 552a). It establishes procedures for individuals to access their Privacy Act records and to request amendment of information in records concerning them. It also provides procedures for administrative appeals and other remedies. This part applies to systems of records located at or under the cognizance of NASA Headquarters, NASA Field Centers, and NASA Component Installations, as defined in part 1201 of this chapter.
For the purposes of this part, the following definitions shall apply in addition to definitions contained in the Privacy Act of 1974, as amended (5 U.S.C. 552a):
(a) The term individual means a living person who is either a citizen of the United States or an alien lawfully admitted for permanent residence.
(b) The term maintain includes maintain, collect, use or disseminate.
(c) The term record means any item, collection, or grouping of information about an individual including, but not limited to, education, financial transactions, medical history, and criminal or employment history, and that contains a name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph.
(d) The term system of records means a group of any records from which information is retrieved by the name of the individual or by some identifying number, symbol or other identifying particular assigned to the individual.
(e) The term system managerFederal Register. means the NASA official who is responsible for a system of records as designated in the system notice of that system of records published in the Federal Register. When a system of records includes portions located at more than one NASA Center, the term system manager includes any subsystem manager designated in the system notice as being responsible for that portion of the system of records located at the respective Center.
(f) The term systems noticeFederal Register means, with respect to a system of records the publication of information in the Federal Register upon establishment or revision of the existence and character of the system of records. The notice shall include that information as required by 5 U.S.C. 552a(e)(4).
(g) The term routine use means, with respect to the disclosure of a record, the use of the record for a purpose which is compatible with the purpose for which it was collected.
(h) The term NASA employeeNASA official, or NASA official, particularly for the purpose of § 1212.203(g) relates to the disclosure of a record to those who have a need for the record in the performance of their official duties, includes employees of a NASA contractor which operates or maintains a NASA system of records for or on behalf of NASA.
The procedures outlined in this subpart 1212.2 apply to the following types of requests made by individuals under the Privacy Act concerning records about themselves:
(a) To determine if information on the requester is included in a system of records;
(b) For access to a record under 5 U.S.C. 552a(d)(1); and
(c) For an accounting of disclosures of the individual's Privacy Act records under 5 U.S.C. 552a(c)(3).
(a) Individuals may request access to their Privacy Act records, either in person or in writing.
(b) Individuals may also authorize a third party to have access to their Privacy Act records. This authorization shall be in writing, signed by the individual and contain the individual's address as well as the name and address of the representative being authorized access. The identities of both the subject individual and the representative must be verified in accordance with the procedures set forth in § 1212.202 of this part.
(c)(1) Requests must be directed to the appropriate system manager, or, if unknown, to the Center Privacy Manager or Freedom of Information Act (FOIA) Office at NASA Headquarters or Field Center. The request should be identified clearly on the envelope and on the letter as a “Request Under the Privacy Act.”
(2) Where possible, requests should contain the following information to ensure timely processing:
(i) Name and address of subject.
(ii) Identity of the system of records.
(iii) Nature of the request.
(iv) Identifying information specified in the applicable system notice to assist in identifying the request, such as location of the record, if known, full name, birth date, time periods in which the records are believed to have been compiled, etc.
(d) NASA has no obligation to comply with a nonspecific request for access to information concerning an individual, e.g., a request to provide copies of “all information contained in your files concerning me,” although a good faith effort will be made to locate records if there is reason to believe NASA has records on the individual. If the request is so incomplete or incomprehensible that the requested record cannot be identified, additional information or clarification will be requested in the acknowledgement, and assistance to the individual will be offered as appropriate.
(e) If the Center Privacy Manager receives a request for access, the Privacy Manager will record the date of receipt and immediately forward the request to the responsible system manager for handling.
(f) If the Center FOIA Office receives a first party request for records or access, the FOIA Office will process the request under the Privacy Act pursuant to this part.
(g) Normally, the system manager shall respond to a request for access within 10 work days of receipt of the request and the access shall be provided within 30 work days of receipt.
(1) In response to a request for access, the system manager shall:
(i) Notify the requester that there is no record on the individual in the system of records and inform the requester of the procedures to follow for appeal (See § 1212.4);
(ii) Notify the requester that the record is exempt from disclosure, cite the appropriate exemption, and inform the requester of the procedures to follow for appeal (See § 1212.4);
(iii) Upon request, promptly provide copies of the record, subject to the fee requirements (§ 1212.204); or
(iv) Make the individual's record available for personal inspection in the presence of a NASA representative.
(2) Unless the system manager agrees to another location, personal inspection of the record shall be at the location of the record as identified in the system notice.
(3) When an individual requests records in a system of records maintained on a third party, the request shall be processed as a Freedom of Information Act (FOIA) request under 14 CFR part 1206. If the records requested are subject to release under FOIA (5 U.S.C. 552(b)), then a Privacy Act exemption may not be invoked to deny access.
(4) When an individual requests records in a system of records maintained on the individual, the request shall be processed under this part. NASA will not rely on exemptions contained in FOIA to withhold any record which is otherwise accessible to the individual under this part.
(a) The system manager will release records to the requester or representative in person only upon production of satisfactory identification which includes the individual's name, signature, and photograph or physical description.
(b) The system manager will release copies of records by mail only when the circumstances indicate that the requester and the subject of the record are the same. The system manager may require that the requester's signature be notarized or witnessed by two individuals unrelated to the requester.
(c) Identity procedures more stringent than those required in this section may be prescribed in the system notice when the records are medical or otherwise sensitive.
(a) The system manager shall keep a disclosure accounting for each disclosure to a third party of a record from a system of records. This includes records disclosed pursuant to computer matching programs.
(b) Disclosure accountings are not required but are recommended for disclosures made:
(1) With the subject individual's consent; or
(2) In accordance with § 1212.203(f) (1) and (2), below.
(c) The disclosure accounting required by paragraph (a) of this section shall include:
(1) The date, nature, and purpose of the disclosure; and
(2) The name and address of the recipient person or Agency.
(d) The disclosure accounting shall be retained for at least 5 years after the disclosure or for the life of the record, whichever is longer.
(e) The disclosure accounting maintained under the requirements of this section is not itself a system of records.
(f) Records in a NASA system of records may not be disclosed to third parties without the consent of the subject individual. However, in consonance with 5 U.S.C. 552a(b), disclosure may be authorized without consent, if disclosure would be:
(1) To an officer or employee of NASA who has a need for the record in the performance of official duties;
(2) Required under the Freedom of Information Act (5 U.S.C. 552) and part 1206 of this chapter;
(3) For a routine use described in the system notice for the system of records;
(4) To the Bureau of the Census for purposes of planning or carrying out a census or survey or related activity pursuant to the provisions of Title 13, U.S. Code;
(5) To a recipient who has provided NASA with advance adequate written assurance that the record will be used solely as a statistical research or reporting record, and the record is to be transferred in a form that is not individually identifiable;
(6) To the National Archives and Records Administration as a record which has sufficient historical or other value to warrant its continued preservation by the United States Government or for evaluation by the Archivist of the United States or the Archivist's designee to determine whether the record has such value;
(7) To another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity, if the activity is authorized by law and if the head of the agency or instrumentality has made a written request to NASA specifying the particular portion desired and the law enforcement activity for which the record is sought;
(8) To a person pursuant to a showing of compelling circumstances affecting the health or safety of an individual if upon such disclosure notification is transmitted to the last known address of such individual;
(9) To either House of Congress or, to the extent the matter is within its jurisdiction, any committee or subcommittee, or any joint committee of Congress or subcommittee of any such joint committee;
(10) To the Comptroller General, or any of the Comptroller's authorized representative(s), in the course of the performance of the duties of the General Accounting Office;
(11) Pursuant to the order of a court of competent jurisdiction; or
(12) To a consumer reporting agency in accordance with section 3711(f) of Title 31.
(a) Fees will not be charged for:
(1) Search for a retrieval of the requesting individual's records;
(2) Review of the records;
(3) Making a copy of a record when it is a necessary part of the process of making the record available for review;
(4) Transportation of the record(s);
(5) Making a copy of an amended record to provide evidence of the amendment; or
(6) Copies of records if this is determined to be in the best interest of the Government.
(b) Fees for the duplication of records will be assessed in accordance with § 1206.700(a) of this chapter.
(c) Where it appears that duplication fees chargeable under this section will exceed $25, the requester shall be provided an estimate of the fees before copies are made. Where possible, the requester will be afforded the opportunity to confer with Agency personnel in a manner which will reduce the fees, yet still meet the needs of the requester.
(d) Where the anticipated fee chargeable under this section exceeds $25, an advance deposit of part or all of the anticipated fee may be required.
(a) The NASA Administrator has determined that the systems of records set forth in § 1212.501 are exempt from disclosure to the extent provided therein.
(b) Medical records. Normally, an individual's medical record shall be disclosed to the individual, unless the system manages, in consultation with a medical doctor, determines that access to the record could have an adverse effect upon the individual. In this case, NASA shall allow access to the record by a medical doctor designated in writing by the requesting individual.
(c) Test and qualification materials. Testing or examination material used solely to determine individual qualifications for appointment or promotion in the Federal service the disclosure of which would compromise the objectivity or fairness of the testing or examination process and copies of certificates of eligibles and other lists of eligibles, the disclosure of which is proscribed by 5 CFR 300.201, shall be removed from an individual's record containing such information before granting access.
(d) Information compiled for civil actions or proceedings. Nothing in this part shall allow an individual access to any information compiled in reasonable anticipation of a civil action or proceeding.
Individuals may request that NASA amend their records maintained in a NASA system of records under the provisions of 5 U.S.C. 552a(d)(2). This request shall be in writing, addressed to the appropriate system manager, and shall contain the following:
(a) A notation on the envelope and on the letter that it is a “Request for Amendment of Individual Record under the Privacy Act;”
(b) The name of the system of records;
(c) Any information necessary to retrieve the record, as specified in the system notice for the system of records (See § 1212.201(c)(2));
(d) A description of that information in the record which is alleged to be inaccurate, irrelevant, untimely, or incomplete; and,
(e) Any documentary evidence or material available to support the request.
(a) Within 10 work days of receipt by NASA of a request to amend a record, the system manager shall provide the requester with a written determination or acknowledgement advising when action may be taken.
(b) When necessary, NASA may utilize up to 30 work days after receipt to provide the determination on a request to amend a record.
(c) If the request for amendment is denied, the determination shall explain the reasons for the denial and inform the requester of the procedures to follow for appeal (See § 1212.4)).
NASA shall make the requested amendment clearly on the record itself and all information deemed to be inaccurate, irrelevant, or untimely shall be deleted and destroyed. Incomplete information shall either be amended or deleted and destroyed. The individual shall then be informed in writing that the amendment has been made. If the inaccurate, irrelevant, untimely, or incomplete portion of the record has previously been disclosed, then the system manager shall notify those persons or agencies of the amended information, referencing the prior disclosures (See § 1212.402).
(a) Individuals may appeal when they:
(1) Have requested amendment of a record and have received an adverse initial determination;
(2) Have been denied access to a record; or,
(3) Have not been granted access within 30 work days of their request.
(b) The Associate Deputy Administrator or designee is responsible for making final determinations of appeals as specified in paragraphs (a)(1) through (3) of this section for all Agency records, with the exception of those records originating in the Office of the Inspector General for which the Inspector General is responsible for making final determinations of appeals.
(c) An appeal shall:
(1) Be in writing and addressed to the Associate Deputy Administrator, NASA, Washington, DC 20546 or to the Inspector General, NASA Headquarters, Washington, DC 20546, for records as specified in paragraph (b) of this section;
(2) Be identified clearly on the envelope and in the letter as an “Appeal under the Privacy Act;”
(3) Include a copy of any pertinent documents; and
(4) State the reasons for the appeal.
(d) Appeals from adverse initial determinations or denials of access must be submitted within 30 work days of the date of the requester's receipt of the initial determination. Appeals involving failure to grant access may be submitted any time after the 30 work day period has expired (See § 1212.201(f)).
(e) A final determination on an appeal shall be made within 30 work days after its receipt by the Associate Deputy Administrator or Inspector General for appeals concerning records originating in the Office of the Inspector General, unless, for good cause shown, the Associate Deputy Administrator or Inspector General extends such 30 work day period. Prior to the expiration of the 30 work day period, the requester shall be notified of any such extension.
(f) If a denial of a request to amend a record is upheld, the final determination shall:
(1) Explain the basis for the detail;
(2) Include information as to how the requester goes about filing a statement of dispute under the procedures of § 1212.401; and,
(3) Include a statement that the final determination is subject to judicial review under 5 U.S.C. 552a(g).
(a) A statement of dispute shall:
(1) Be in writing;
(2) Set forth reasons for the individual's disagreement with NASA's refusal to amend the record;
(3) Be concise;
(4) Be addressed to the system manager; and,
(5) Be identified on the envelope and in the letter as a “Statement of Dispute under the Privacy Act.”
(b) The system manager shall prepare an addendum to the statement explaining the basis for NASA's refusal to amend the disputed record. A copy of the addendum shall be provided to the individual.
(c) The system manager shall ensure that the statement of dispute and addendum are either filed with the disputed record or that a notation appears in the record clearly referencing the statement of dispute and addendum so that they may be readily retrieved.
(a) The system manager shall promptly provide persons or agencies to whom the disputed portion of a record was previously disclosed and for which an accounting of the disclosure exists under the requirements of § 1212.203 of this part, with a copy of the statement of dispute and addendum, along with a statement referencing the prior disclosure. The subject individual shall be notified as to those individuals or agencies which are provided with the statement of dispute and addendum.
(b) Any subsequent disclosure of a disputed record shall clearly note the portion of the record which is disputed and shall be accompanied by a copy of the statement of dispute and addendum.
(a) These provisions authorize the Administrator of NASA to exempt certain NASA Privacy Act systems of records from portions of the requirements of this regulation.
(b) The Administrator has delegated this authority to the Associate Deputy Administrator (See § 1212.701).
(c) For those NASA systems of records that are determined to be exempt, the system notice shall describe the exemption and the reasons.
The Administrator has determined that the following systems of records are exempt to the extent provided hereinafter.
(a) Inspector General Investigations Case FilesSections of the Act from which exempted.—(1) Sections of the Act from which exempted. (i) The Inspector General Investigations Case Files system of records is exempt from all sections of the Privacy Act (5 U.S.C. 552a) except the following sections: (b) relating to conditions of disclosure; (c) (1) and (2) relating to keeping and maintaining a disclosure accounting; (e)(4) (A) through (F) relating to publishing a system notice setting forth name, location, categories of individuals and records, routine uses, and policies regarding storage, retrievability, access controls, retention and disposal of the records; (e) (6), (7), (9), (10), and (11) relating to dissemination and maintenance of records, and (i) relating to criminal penalties. This exemption applies to those records and information contained in the system of records pertaining to the enforcement of criminal laws.
(ii) To the extent that noncriminal investigative files may exist within this system of records, the Inspector General Investigations Case Files system of records is exempt from the following sections of the Privacy Act (5 U.S.C. 552a): (c)(3) relating to access to the disclosure accounting, (d) relating to access to records, (e)(1) relating to the type of information maintained in the records; (e)(4) (G), (H), and (I) relating to publishing the system notice information as to agency procedures for access and amendment and information as to the categories of sources or records, and (f) relating to developing agency rules for gaining access and making corrections.
(2) Reason for exemptions. (i) The Office of Inspector General is an office of NASA, a component of which performs as its principal function activity pertaining to the enforcement of criminal laws, within the meaning of 5 U.S.C. 552a(j)(2). This exemption applies only to those records and information contained in the system of records pertaining to criminal investigations. This system of records is exempt for one or more of the following reasons:
(A) To prevent interference with law enforcement proceedings.
(B) To avoid unwarranted invasion of personal privacy, by disclosure of information about third parties, including other subjects of investigation, investigators, and witnesses.
(C) To protect the identity of Federal employees who furnish a complaint or information to the OIG, consistent with section 7(b) of the Inspector General Act of 1978, as amended, 5 U.S.C. App.
(D) To protect the confidentiality of non-Federal employee sources of information.
(E) To assure access to sources of confidential information, including that contained in Federal, State, and local criminal law enforcement information systems.
(F) To prevent disclosure of law enforcement techniques and procedures.
(G) To avoid endangering the life or physical safety of confidential sources and law enforcement personnel.
(ii) Investigative records within this system of records which are compiled for law enforcement purposes, other than material within the scope of subsection (j)(2), are exempt under the provisions of 5 U.S.C. 552a(k)(2): Provided, however, That if any individual is denied any right, privilege, or benefit that they would otherwise be entitled by Federal law, or for which they would otherwise be eligible, as a result of the maintenance of such material, such material shall be provided to such individual, except to the extent that the disclosure of such material would reveal the identity of a source who furnished information to the Government under an express promise that the identity of the source would be held in confidence, or, prior to January 1, 1975, under an implied promise that the identity of the sources would be held in confidence. This system of records is exempt for one or more of the following reasons:
(A) To prevent interference with law enforcement proceedings.
(B) To protect investigatory material compiled for law enforcement purposes.
(C) To avoid unwarranted invasion of personal privacy, by disclosure of information about third parties, including other subjects of investigation, law enforcement personnel, and sources of information.
(D) To fulfill commitments made to protect the confidentiality of sources.
(E) To protect the identity of Federal employees who furnish a complaint or information to the OIG, consistent with section 7(b) of the Inspector General Act of 1978, as amended, 5 U.S.C. App.
(F) To assure access to sources of confidential information, including that contained in Federal, State, and local criminal law enforcement information systems.
(G) To prevent disclosure of law enforcement techniques and procedures.
(H) To avoid endangering the life or physical safety of confidential sources and law enforcement personnel.
(iii) Records within this system of records comprised of investigatory material compiled solely for the purpose of determining suitability or eligibility for Federal civilian employment or access to classified information, are exempt under the provisions of 5 U.S.C. 552a(k)(5), but only to the extent that disclosure would reveal the identity of a source who furnished information to the Government under an express promise that the identity of the source would be held in confidence, or prior to January 1, 1975, under an implied promise that the identity of the source would be held in confidence. This system of records is exempt for one or more of the following reasons:
(A) To fulfill commitments made to protect the confidentiality of sources.
(B) To assure access to sources of confidential information, including that contained in Federal, State, and local criminal law enforcement information systems.
(b) Security Records SystemSections of the Act from which exempted.—(1) Sections of the Act from which exempted. The Security Records System is exempted from the following sections of the Privacy Act (5 U.S.C. 552a): (c)(3) relating to access to the disclosure accounting; (d) relating to access to the records; (e)(1) relating to the type of information maintained in the records; (e)(4) (G), (H), and (I) relating to publishing the system notice information as to agency procedures for access and amendment, and information as to the categories of sources of records; and (f) relating to developing Agency rules for gaining access and making corrections.
(2) Reason for exemption. (i) Personnel Security Records contained in the system of records which are compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, Federal contracts, or access to classified information are exempt under the provisions of 5 U.S.C. 552a(k)(5), but only to the extent that the disclosure of such material would reveal the identity of the source who furnished information to the Government under an express promise that the identity of the source would be held in confidence, or, prior to January 1, 1975, under an implied promise that the identity of the sources would be held in confidence. This system of records is exempt for one or more of the following reasons:
(A) To fulfill commitments made to protect the confidentiality of sources.
(B) To assure access to sources of confidential information, including that contained in Federal, State, and local criminal law enforcement information systems.
(ii) Criminal Matter Records are contained in the system of records and are exempt under the provisions of 5 U.S.C. 552a(k)(2): Provided, however, That if any individual is denied any right, privilege, or benefit that they would otherwise be entitled by Federal law, or for which they would otherwise be eligible, as a result of the maintenance of such material, such material shall be provided to such individual, except to the extent that the disclosure of such material would reveal the identity of a source who furnished information to the Government under an express promise that the identity of the source would be held in confidence, or, prior to January 1, 1975, under an implied promise that the identity of the sources would be held in confidence. This system of records is exempt for one or more of the following reasons:
(A) To prevent interference with law enforcement proceedings.
(B) To protect investigatory material compiled for law enforcement purposes.
(C) To avoid unwarranted invasion of personal privacy, by disclosure of information about third parties, including other subjects of investigation, law enforcement personnel, and sources of information.
(D) To fulfill commitments made to protect the confidentiality of sources.
(E) To assure access to sources of confidential information, including that contained in Federal, State, and local criminal law enforcement information systems.
(F) To prevent disclosure of law enforcement techniques and procedures.
(G) To avoid endangering the life or physical safety of confidential sources and law enforcement personnel.
(iii) The system of records includes records subject to the provisions of 5 U.S.C. 552(b)(1) (required by Executive order to be kept secret in the interest of national defense or foreign policy), and such records are exempt under 5 U.S.C. 552a(k)(1).
In compliance with the Privacy Act and in accordance with the requirements and procedures of this regulation, NASA has an obligation to:
(a) Advise individuals, when requested, as to whether any specific system of records maintained by NASA contains records pertaining to them;
(b) Prevent records being maintained by NASA in a system of records for a specific purpose from being used or made available for another purpose without the individual's consent; and,
(c) Permit individuals to have access to information about themselves in a NASA system of records, to have a copy made, and, if appropriate under subpart 1212.3 of this part, to amend the records.
(a) In maintaining systems of records, NASA shall:
(1) Maintain any record in a system of records for necessary and lawful purposes only, assure that the information is current and accurate for its intended use, and provide adequate safeguards to prevent misuse of the information.
(2) Maintain only information about an individual relevant and necessary to accomplish a purpose or to carry out a function of NASA authorized by law or by Executive order of the President.
(3) Maintain records used by NASA officials in making any determination about any individual with such accuracy, relevance, timeliness, and completeness reasonably necessary to assure fairness to the individual in making the determination.
(4) Maintain no record describing how an individual exercises rights guaranteed by the First Amendment unless expressly authorized by statute, by the individual about whom the record is maintained or unless pertinent to and within the scope of an authorized law enforcement activity.
(5) Maintain and provide access to records of other agencies under NASA's control consistent with the regulations of this part.
(b) Any system of records maintained by NASA which is in addition to or substantially different from a Governmentwide systems of records described in a systems notice published by another agency shall be regarded as a NASA system of records subject to the requirements of this part.
(c) NASA shall provide adequate advance notice to Congress and OMB of any proposal to establish a new system of records or alter any existing system of records as prescribed by OMB Circular No. A-130, appendix I.
In collecting information for systems of records, the following requirements shall be met:
(a) Information shall be collected to the greatest extent practicable directly from the subject individual when the information may result in adverse determinations about an individual's rights, benefits, and privileges under Federal programs. Exceptions to this policy may be made under certain circumstances, such as one of the following:
(1) There is a need to verify the accuracy of the information supplied by an individual.
(2) The information can only be obtained from a third party.
(3) There is no risk that information collected from third parties, if inaccurate, could result in an adverse determination to the individual concerned.
(4) Provisions are made to verify with the individual information collected from a third party.
(b) Each individual who is asked to supply information shall be informed of the following:
(1) The authority (whether granted by statute, or by Executive order of the President) for requesting the information;
(2) Whether disclosure is mandatory or voluntary;
(3) The intended official use of the information;
(4) The routine uses which may be made of the information, as published in the system notices;
(5) The effects, if any, on the individual of not providing all or any part of the requested information.
NASA will not sell, rent, or otherwise disclose an individual's name and address to anyone, unless otherwise specifically authorized by law. This is not to be construed to require the withholding of names and addresses otherwise permitted to be made public.
(a) It is unlawful for NASA to deny to individuals any rights, benefits, or privileges provided by law because of the individuals' refusal to disclose their social security numbers, except where:
(1) The disclosure is required by law; or
(2) The disclosure is from a system of records in existence and operating before January 1, 1975, and was required under statute or regulation adopted before that date to verify the identity of the individual(s).
(b) Any time individuals are requested to disclose their social security numbers, NASA shall indicate whether that disclosure is mandatory or voluntary, by what authority the numbers are requested, and what uses will be made of them.
(a) Safeguards appropriate for a NASA system of records shall be developed by the system manager in a written plan approved by the Center Security Officer or Center Information Technology Security Officer for electronic records maintained in automated systems. Safeguards must insure the security and confidentiality of records and protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.
(b) When records or copies of records are distributed within NASA they shall be prominently identified as records protected under the Privacy Act and shall be subject to the same safeguard, retention, and disposition requirements applicable to the system of records.
(c) When records or copies of records are distributed to other Federal agencies, other than those having custody of the systems of records, they shall be prominently identified as records protected under the Privacy Act.
(d) Records that are otherwise required by law to be released to the public need not be safeguarded or identified as Privacy Act records.
(a) NASA officials may maintain and use, for official purposes, duplicate copies of records or portions of records from a system of records maintained by their own organizational unit. This practice should occur only where there are justifiable organizational needs for it, e.g., where geographic distances make use of the system of records time consuming or inconvenient. These duplicate copies shall not be considered a separate NASA system of records. For example, an office head or designee may keep duplicate copies of personnel, training, or similar records on employees within the organization for administrative convenience purposes.
(b) No disclosure shall be made from duplicate copies outside of the organizational unit. Any outside request for disclosure shall be referred to the appropriate system manager for response.
(c) Duplicate copies are subject to the same safeguard requirements applicable to the system of records.
(a) Each NASA employee is responsible for adhering to the requirements of the Privacy Act and this regulation.
(b) An employee shall not seek or obtain access to a record in a NASA system of records or to copies of any portion of such records under false pretenses. Only those employees with an official “need to know” may seek and obtain access to records pertaining to others.
(c) Employees shall refrain from discussing or disclosing personal information about others which they have obtained because of their official need to know such information in the performance of official duties.
(d) To the extent included in a contract which provides for the maintenance by or on behalf of NASA of a system of records to accomplish a function of NASA, the requirements of this section shall apply to contractor employees who work under the contract.
The Associate Deputy Administrator is responsible for:
(a) Making final Agency determinations on appeals (§ 1212.400), except on those related to records originating in the Office of the Inspector General;
(b) Authorizing exemptions from one or more provisions of the Privacy Act for NASA systems of records (See § 1212.500); and,
(c) Authorizing an extension for making a final determination on an appeal (§ 1212.400(d)), except for an appeal related to records originating in the Office of the Inspector General.
The Inspector General is responsible for:
(a) Making final Agency determinations on appeals related to records originating with the Office of the Inspector General (§ 1212.400), and
(b) Authorizing an extension for making a final determination on an appeal related to records originating with the Office of the Inspector General (§ 1212.400(e)).
(a) The NASA Chief Information Officer is responsible for the following:
(1) Providing overall supervision and coordination of NASA's policies and procedures under this regulation;
(2) Approving system notices for publication in the Federal Register;
(3) Assuring that NASA employees and officials are informed of their responsibilities and that they receive appropriate training for the implementation of these requirments; and,
(4) Preparing and submitting the biennial report on implementation of the Privacy Act to OMB and special reports required under this regulation, including establishing appropriate reporting procedures in accordance with OMB Circular No. A-130.
(b) The Chief Information Officer may establish a position of ‘NASA Privacy Act Officer,’designate someone to function as such an officer, and delegate to that officer any of the functions described in paragraph (a) of this section.
(a) Officials-in-Charge of Headquarters Offices, Directors of NASA Field Centers and Officials-in-Charge of Component Facilities are responsible for the following with respect to those systems of records maintained in their organization:
(1) Avoiding the establishment of new systems of records or new routine uses of a system of records without first complying with the requirements of this regulation;
(2) Ensuring that the requirements of this regulation and the Privacy Act are followed by employees;
(3) Ensuring that there is appropriate coordination within NASA before a determination is made to disclose information without the individual's consent under authority of 5 U.S.C. 552a(b) (See § 1212.203(f)); and
(4) Providing appropriate oversight for responsibilities and authorities exercised by system managers under their jurisdiction (§ 1212.705).
(5) Establish a position of Center Privacy Manager to assist in carrying out the responsibilities listed in this section.
(b) [Reserved]
(a) Each system manager is responsible for the following with regard to the system of records over which the system manager has cognizance:
(1) Overall compliance with this part, NASA Policy Directive (NPD) 1382.17 and NASA Procedural Requirements (NPR) 1382.1.
(2) Ensuring that each person involved in the design, development, operation, or maintenance of the system of records is instructed with respect to the requirements of this regulation and the possible penalties for noncompliance;
(3) Submitting a request to the Associate Deputy Administrator for an exemption of the system under subpart 1212.5 of this part, setting forth in proposed rulemaking form the reasons for the exemption and citing the specific provision of the Privacy Act which is believed to authorize the exemption;
(4) After consultation with the Office of the General Counsel or the Chief Counsel, making reasonable efforts to serve notice on an individual when any record on such individual is made available to any person under compulsory legal process when such process becomes a matter of public record;
(5) Making an initial determination on an individual's request to correct or amend a record, in accordance with § 1212.302;
(6) Prior to disclosure of any record about an individual, assuring that the record is first reviewed for accuracy, completeness, timeliness, and relevance;
(7) Authorizing disclosures of a record without the individual's consent under § 1212.203(f)(1) through (12);
(8) Responding within the requirements of § 1212.200 to an individual's request for information as to whether the system contains a record pertaining to the individual;
(9) Responding to an individual's request for access and copying of a record, in accordance with subpart 1212.2 of this part;
(10) Amending a record under subpart 1212.3 of this part, or filing in an individual's record a statement of dispute;
(11) Preparing an addendum to an individual's statement of dispute to be filed in the individual's records, in accordance with § 1212.401;
(12) Maintaining disclosure accountings in accordance with 5 U.S.C. 552a(c) and § 1212.203 of this part. This includes records disclosed pursuant to any computer matching programs;
(13) Notifying persons to whom a record has been disclosed and for which an accounting was made as to disputes and corrections involving the record; and
(14) Developing appropriate safeguards for the system of records in accordance with § 1212.605(a).
(b) Where a system of records has subsystems described in the system notice, the subsystem manager will have the responsibilities outlined in paragraph (a) of this section. Although the system manager has no line authority over subsystem managers, the system manager does have overall functional responsibility for the total system, and may issue guidance to subsystem managers on implementation of this part. When furnishing information for required reports, the system manager will be responsible for reporting the entire system of records, including any subsystems.
(c) Exercise of the responsibilities and authorities in paragraph (a) of this section by any system or subsystem managers at a NASA Center shall be subject to any conditions or limitations imposed in accordance with § 1212.704(a)(4) and (5).
The Assistant Administrator for Procurement is responsible for developing appropriate procurement regulations and procedures under which NASA contracts requiring the maintenance of a system of records in order to accomplish a NASA function are made subject to the requirements of this part.
Authority necessary to carry out the responsibilities specified in this regulation is delegated to the officials named, subject to any conditions or limitations imposed in accordance with this subpart 1212.7.
Failure to comply with the requirements of the Privacy Act and this part could subject NASA to civil suit under the provisions of 5 U.S.C. 552a(g).
(a) A NASA officer or employee may be subject to criminal penalties under the provisions of 5 U.S.C. 552a(i) (1) and (2).
(1) Section 552a(i)(1). Any officer or employee of an agency, who by virtue of employment or official position, has possession of, or access to, agency records which contain individually identifiable information the disclosure of which is prohibited by this section or by rules or regulations established thereunder, and who knowing that disclosure of the specific material is so prohibited, willfully discloses the material in any manner to any person or agency not entitled to receive it, shall be guilty of a misdemeanor and fined not more than $5,000.
(2) Section 552a(i)(2). Any officer or employee of any agency who willfully maintains a system of records without meeting the notice requirements of subsection (e)(4) of this section shall be guilty of a misdemeanor and fined not more than $5,000.
(3) These two provisions apply to NASA civil service employees as well as those employees of a NASA contractor with responsibilities for maintaining a Privacy Act system of records.
(b) Section 552a(i)(3). Any person who knowingly and willfully requests or obtains any record concerning an individual from an agency under false pretenses shall be guilty of a misdemeanor and fined not more than $5,000.
"Good judgement seeks balance and progress. Lack of it eventually finds imbalance and frustration."