GSA Privacy Act Program

1.  Purpose.

This policy incorporates by reference the GSA Privacy Act Program Website as the official employee reference vehicle for GSA’s privacy program, policy and procedures. The GSA Privacy Act Program addresses information privacy and security issues, establishes GSA’s privacy policies and procedures, provides guidance and direction on implementing program requirements, defines privacy related contracting requirements, and assigns responsibilities to ensure compliance with the Privacy Act of 1974, as amended, and other applicable laws and regulations.

2.  Cancellation.

This Order cancels and supersedes CIO P 1878.1 GSA Privacy Act Program, dated September 2, 2014.

3.  Revisions.

     a.  Directive number changed to a new series of classification numbers for “Privacy Act and Personally Identifiable Information (PII)” related policies;

     b.  Outdated links updated;

     c.  Responsibilities section added; and

     d.  Updated references and the definition of PII.

4.  Policy.

In accordance with the Privacy Act of 1974, privacy protection is both a personal and fundamental right of any individual, whose personally identifiable information (e.g., social security number, date of birth, home address or personal email address) is collected, maintained, and used by GSA to carry out the agency mission and responsibilities and to provide services. OMB Circular A-130 defines Personally Identifiable Information (PII) as information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual. GSA’s policy is to safeguard personal information as mandated by laws and regulations. The GSA Privacy Act Program promulgates GSA policy for ensuring compliance with legal requirements to protect PII.