Privacy Act Desk Reference Guide
By DON CIO Privacy Team - Published, September 15, 2010
What is the Privacy Act?
The Privacy Act (PA) pertains to records the Department of the Navy is maintaining about you. More than 150 types of PA System of Records Notices (SORNs) have been identified that allow the DON to collect, maintain, use and disseminate information about individuals affiliated with the Department. View a complete list of approved systems.
Why Should You Care?
Privacy breaches cost money and may impact you. Additionally, there are civil remedies and criminal penalties for illegally maintaining, collecting, using and disseminating personal information.
Some examples of privacy data include:
What is a Record?
- Financial, credit and medical data;
- Security clearance level;
- Social Security number;
- Leave balances and types of leave used;
- Home address and telephone numbers, home web addresses and family data;
- Mother's maiden name and other names used;
- Drug test results, participation in rehabilitation programs and performance ratings;
- Religion, race and national origin; and
- Names of employees who hold government-issued travel cards and the card data.
Any item, collection or grouping of information, whatever the storage media (e.g., paper, electronic, etc.), about an individual that is maintained by a DON activity. This includes, but is not limited to, the individual's education, financial transactions, and medical, criminal, or employment history, and that contains the individual's name or other identifying particulars assigned to the individual, such as a finger or voice print or a photograph.
What is a PA System of Records Notice?
A SORN delineates the types of information being collected and on whom, the authority for collecting the information, where it is located, how it is filed, to whom it is routinely disclosed, instructions on how to access the information, how long it will be maintained, the source of information, record retention/disposal requirements and where the information comes from. Each SORN has an assigned PA system of records manager. The SORN is approved by CNO (DNS-36), the Department of Defense and Congress, and then published in the Federal Register for comment prior to final approval and use. Because many DON activities perform similar functions related to managing personnel, most collections of personal information are covered by umbrella SORNs.
PA System of Records Managers Responsibilities
PA system managers are responsible for complying with the requirements of the SORN and overseeing the collection, maintenance, use and dissemination of information from a PA system of records and ensuring that all personnel who have access to those records are aware of their responsibilities for protecting personally identifiable information (PII).
Privacy Act Responsibilities
You play a very important role in assuring your command complies with the provisions of the PA. Accordingly:
- Do not collect personal data without authorization.
- Do not distribute or release personal information to anyone unless they have an official need to know.
- Do not be afraid to challenge anyone who asks to see PA information for which you are responsible.
- Do not maintain records longer than permitted.
- Do not place unauthorized documents in PA systems of records and/or commingle information about different individuals in the same file.
- Do not transmit personal data without ensuring it is properly marked: "FOR OFFICIAL USE ONLY – PRIVACY SENSITIVE - Any misuse or unauthorized disclosure can result in both civil and criminal penalties."
- Do not use interoffice envelopes to mail privacy data.
- Do not place privacy data on shared drives, multi-access calendars, the Intranet or Internet.
- Do not create a new system of records without first consulting your Privacy Act Coordinator.
Disposal methods are considered adequate if the records are rendered unrecognizable or beyond reconstruction. This includes shredding documents prior to placing them in a recycle bin.
Learn more about privacy; visit: http://www.doncio.navy.mil/privacy.