The Privacy Act requires federal agencies to publish a notice in the Federal Register for each system of records that an agency maintains. A system of records contains information that is retrieved by an individual’s name or other unique identifier. The notice ensures that privacy considerations have been addressed in implementing the system. GSA issues two types of notices. One is for internal GSA systems of records, and the other is for systems of records maintained by other agencies for which GSA has program responsibility.
Explanation of terms
Systems of records Under the Privacy Act, a system of records is a group of records from which information is retrieved by the name of an individual, or by any number, symbol, or other unique identifier assigned to that individual. GSA is responsible for two types of Privacy Act systems of records — those that are internal to GSA and those that are governmentwide and include other agencies’ systems as well as GSA’s, generally at an agency’s discretion.
- GSA’s internal systems of records: This type of system contains information that is collected and used to carry out GSA’s functions and associated tasks. It includes personal information of GSA employees and employees of organizations, such as small agencies, committees, and commissions, for which GSA performs agreed on support activities. GSA also collects and maintains personal information on private individuals in providing services to the public, and his type of system also is considered internal to GSA.
- GSA’s governmentwide systems of records: This type of system consists of record collections maintained by Federal agencies that pertain to GSA governmentwide programs for which GSA has responsibility in overseeing and directing the program or service. Examples include the Federal charge card program and the Access Certificates for Electronic Services (ACES) project.
Privacy Act systems of records notices (SORNs) The Privacy Act requires that a notice describing each system of records proposed for establishment by a Federal agency be published in the Federal Register for review and comment by the public and other interested parties. The notice allows questions to be raised and resolved before the system is put into effect and ensures that privacy considerations have been addressed.
Responsibilities
- Office of responsibility for systems of records: Responsible for identifying systems covered by the Privacy Act and ensuring that the system meets all information privacy and security requirements.
- System/program manager: Responsible for the content of the systems of records notice that is published in the Federal Register and for ensuring that the information in the notice is accurate and up-to-date.
- GSA Privacy Act Officer: Responsible for coordinating the publication of the Privacy Act notice.