P.1.1 This document provides specific, detailed procedural requirements for implementing the Privacy Act at the Johnson Space Center (JSC). The Privacy Act of 1974 (Public Law 93-579) provides safeguards to protect individuals from the invasion of their privacy by Federal agencies. This legislation places individual responsibility on Federal employees for safeguarding personal information.

P.2 APPLICABILITY

P.2.1 These procedural requirements apply to all organizational elements of JSC. For the purposes of this document, JSC includes JSC-Houston, White Sands Test Facility (WSTF), and other JSC locations administering prime contracts. They also apply to NASA contractors that create and/or maintain Privacy Act records or systems of records for, or on behalf of, NASA.

P.3 AUTHORITY

P.3.1 Administrative Procedure Act, Title 5, U. S. Code, Section 552a, as amended, “The Privacy Act of 1974”

P.3.2 NPD 1382.17, “NASA Privacy Policy”

P.3.3 14 CFR Part 1212, NASA Privacy Act Regulations

P.4 REFERENCES

P.4.1 JSC Announcement 02-017, “The Privacy Act and Your Responsibilities”

P.4.2 JPR 2810.1, “Johnson Space Center Information Technology Security Handbook”

P.5 CANCELLATION

P.5.1 JMI 1382.8E, dated 5/4/1995

1. RESPONSIBILITIES

1.1 Responsibilities

1.1.1 The Director of the Information Resources Directorate is designated as the JSC Privacy Officer and has authority for overall administration and coordination of JSC’s implementation of NASA Regulations. A JSC Privacy Act Manager has been selected by the Director to actively work with JSC personnel on matters regarding the day-to-day enforcement of the Privacy Act at JSC. Specific responsibilities include:

1.1.1.1 Ensuring that new systems of records or new routine uses of systems are established only in accordance with the requirements of NASA Regulations Part 1212, Privacy Act—NASA Regulations.

1.1.1.2 Ensuring that JSC employees receive appropriate instructions with respect to NASA Regulations and NASA standards of conduct relating to their activities relative to the Privacy Act and the possible penalties for noncompliance.

1.1.1.3 Reviewing and approving JSC operating plans for such systems of records for which JSC has responsibilities as system manager.

1.1.1.4 Developing and implementing procedural requirements necessary for achieving a coordinated JSC approach to ensure that NASA policies and requirements are accomplished.

1.1.1.5 Serving as the focal point for coordinating Privacy Act matters with the NASA Privacy Officer.

1.1.1.6 Ensuring that special reports are prepared.

1.1.2 System Managers. Each JSC System Manager is responsible for the following actions regarding his/her system of records:

1.1.2.1 Complying with NASA Regulations, Part 1212, as it pertains to his/her system of records.

1.1.2.2 Developing, implementing, and obtaining the approval of the JSC Privacy Act Manager for an operating plan to accomplish the responsibilities relating to his/her system of records. At a minimum, the plan shall:

1.1.2.2.1 Make basic assignments of responsibility for implementation of Privacy Act Regulations.

1.1.2.2.2 Identify by location (building, room, etc.) all areas where Privacy Act material is maintained and identify the type of material at the locations.

1.1.2.2.3 Identify, by title or name, individuals who have responsibility for safeguarding the Privacy Act information in each of the locations.

1.1.2.2.4 Identify, by title or name, individuals who have been approved to make actual disclosure of information. Identify the specific types of information which each individual can disclose and the specific classes of individuals or organizations to which each individual can make such disclosure.

1.1.2.2.5 Identify, by title or name, the individuals and their responsibilities relating to the accounting of disclosures.

1.1.2.2.6 Identify safeguarding procedures.

1.1.2.2.7 Identify specific types of privacy information that NASA personnel (e.g., supervisors) can retain in their work areas outside of the control of the system manager.

1.1.2.2.8 Identify the responsibilities of contractors, if any, who provide support to JSC in maintaining the system of records.

1.1.2.2.9 Identify the procedure used to ensure that employees working with the system of records receive appropriate instructions with respect to NASA regulations and NASA standards of conduct relating to their activities relative to the Privacy Act and the possible penalties for noncompliance.

1.1.2.3 Reporting to the JSC Privacy Act Manager the loss or theft of any Privacy Act record, as well as identifying any concern over a possible Privacy Act violation.

1.1.2.4 After consultation with the Legal Office, making reasonable efforts to serve notice on an individual about whom a record is being made available under compulsory legal process, when such a process may become a matter of public record.

1.1.2.5 Prior to disclosure of any record about an individual, ensuring that the record is first reviewed for accuracy, completeness, timeliness, and relevance.

1.1.2.6 In accordance with the requirements of the NASA Regulations, Part 1212.301, making an initial determination on an individual’s request to correct or amend his/her record.

1.1.2.7 Authorizing disclosures of a record from a system of records without the individual’s consent under NASA Regulations 1212.203(f) (1) through (12).

1.1.2.8 Consulting with other officials as indicated below, prior to making certain disclosures:

1.1.2.8.1 Disclosures under NASA Regulations 1212.203(f) (10), (11) – Chief Counsel.

1.1.2.8.2 Disclosures under NASA Regulations 1212.203(f) (9) – Assistant Administrator for Legislative Affairs and the NASA General Counsel.

1.1.2.8.3 Disclosures under NASA Regulations 1212.203(f)(3), for Standard Routine Uses 1 through 4 as set forth in Appendix B of the NASA system notices as published in the Federal Register and under NASA Regulations 1212.203(f)(7) – NASA General Counsel.

1.1.2.9 Working with the responsible Organizational Computer Security Manager (OCSM) to ensure that Information Technology (IT) systems running each Privacy Act application have met all appropriate JSC IT Security Program requirements (risk analysis, security plans, vulnerability scans, etc.).

1.1.3 The Chief, Security Office, Protective Services Division, is responsible for ensuring overall JSC compliance and consistency in the application and implementation of safeguard provisions of NASA Regulations. The Chief, Security Office, will review and approve written safeguard plans as part of the operating plan developed by each system or subsystem manager.

1.1.3.1 The stringency of such safeguards shall be related to the nature and purpose of the records themselves, with consideration given to the number and type of personal data elements contained in the system of records. The safeguard plan shall provide for the continuous security and confidentiality of the system of records and shall contain specific procedures for the secure transmission, storage, and destruction of the records. When a system of records is not under the actual custody and control of the system manager or his/her designee, it shall be maintained under locked conditions.

1.1.3.2 Copies of records contained in a NASA system of records or portions thereof, which are made and distributed to persons other than those having custody of the system of records, shall be prominently identified as records protected under the Privacy Act of 1974 and shall be subject to the same safeguard, retention, and disposition requirements as are applicable to the system of records.

1.1.3.3 Any system of records of the Office of Personnel Management (OPM) under JSC's control shall be subject to the safeguards prescribed by the regulations of the OPM. In the absence of OPM guidance, safeguards outlined in this document apply.

1.1.4 The Chief Counsel is responsible for consultation and interpretation of 5 U.S.C. 552a, as amended, and the NASA Regulations with respect to making determinations relating to the applicability of the Privacy Act, especially as they relate to the release or nonrelease of personal data to subject individual, employees, other routine users, and third parties. In any instance in which a NASA or JSC employee is sued in connection with any requirement or responsibility under the NASA Regulations, the matter shall promptly be referred to the Chief Counsel together with a report of the details.

1.1.5 The Director, Office of Procurement, is responsible for ensuring the effective implementation of appropriate regulations and procedures for those contracts which require the maintenance of a system of records to accomplish a function for or on behalf of NASA.

1.1.6 The Manager, White Sands Test Facility, is responsible for ensuring that NASA Regulations are implemented at WSTF. This responsibility includes designating a WSTF Privacy Officer and system/subsystem managers, as appropriate; developing and implementing necessary procedures; and ensuring that all WSTF personnel receive training. A WSTF Privacy Act operating plan shall be developed encompassing the same basic elements as outlined in paragraph 1.1.2.2 and submitted to the JSC Privacy Officer for approval.

1.1.7 The Director, Office of Public Affairs, is responsible for maintaining copies of all current NASA system notices as well as a copy of NASA Privacy Act Regulations (current copy of 14 CFR 1212) for public access and inspection in the NASA Information Center located at JSC.

1.1.8 JSC employees are responsible for adhering to the requirements of the Privacy Act of 1974 and to NASA Regulations relating to the Act. Each JSC employee shall observe the following standards of conduct:

1.1.8.1 An employee shall not maintain or establish a system of records which contains personal information about an individual without complying with NASA requirements, which generally require publication in the Federal Register of advance notice of the establishment of the system, together with a description of the system.

1.1.8.2 In maintaining a system of records, an employee shall not collect or retain information about individuals unless it is relevant and necessary to accomplish a purpose or to carry out a function of NASA, which is required to be accomplished or is authorized by statute or by Executive Order of the President.

1.1.8.3 An employee shall not disclose a record from a NASA system of records without the express consent of the individual to whom the record pertains, unless such disclosure is properly authorized. If there is any question as to whether a disclosure is properly authorized, the employee should consult with the Legal Office prior to any disclosure.

1.1.8.4 An employee shall not seek or obtain access to a record in a NASA system of records or to copies of any portion of such records under false pretenses. Only those employees with an official "need to know" may seek and obtain access to records pertaining to others.

1.1.8.5 Employees shall comply with safeguarding, retention, and disposal requirements printed on documents containing Privacy Act or personal information.

1.1.8.6 Employees shall refrain from discussing or disclosing personal information about others which they have learned or seen because of their official capacity.

1.1.8.7 To the extent that an individual contract provides for the maintenance of a system of records to accomplish a function for or on behalf of NASA, the requirements of paragraphs 1.1.8.1 through 1.1.8.6 shall apply to contractor employees who work under the contract.

1.1.8.8 A NASA employee who willfully disregards adhering to the Privacy Act may be subject to criminal penalties under 5 U.S.C. 552a(i)(1) and (2) which are quoted as follows:

"(1) Any officer or employee of an agency, who by virtue of his/her employment or official position, has possession of, or access to, agency records which contain individually identifiable information the disclosure of which is prohibited by this section or by rules or regulations established there under, and who knowing that disclosure of the specific material is so prohibited, willfully discloses the material in any manner to any person or agency not entitled to receive it, shall be guilty of a misdemeanor and fined not more than $5,000. (5 U.S.C. 552a(i)(1))

(2) Any officer or employee of any agency who willfully maintains a system of records without meeting the notice requirements of subsection (e)(4) of this section shall be guilty of a misdemeanor and fined not more than $5,000. (5 U.S.C. 552a(i)(2))"

1.1.8.9 An individual, including a NASA employee, who seeks access to a NASA record under false pretenses may be subject to criminal penalties under 5 U.S.C. 552a(i)(3).

1.1.9 Special Responsibilities Pertaining to Social Security Numbers:

1.1.9.1 It is unlawful for NASA to deny to any individual any right, benefit, or privilege provided by law, because of such individual's refusal to disclose his/her social security number, except in the following instances:

1.1.9.1.1 The disclosure is required by Federal statute; or

1.1.9.1.2 The disclosure is for a NASA system of records which was in operation before January 1, 1975, and such disclosure was required, under statute or regulation adopted prior to such date, to verify the identity of the individual.

1.1.9.2 Any time an individual is requested by NASA to disclose his/her social security number, the official requesting such disclosure shall inform the individual, in writing, whether that disclosure is mandatory or voluntary, by what statutory or other authority the number is solicited, and what uses will be made of it. This Privacy Act statement shall be included with all such disclosure requests. Assistance with writing the Privacy Act Statement can be obtained through the Legal Office.

2. PROCEDURES

2.1 Safeguarding Procedures
	2.1.1	The term record means any item, collection, or grouping of information about an individual including, but not limited to, education, financial transactions, medical history, and criminal or employment history, and that contains a name, or the identifying number, symbol, or other identifying particular assigned to the individual such as a finger or voice print or a photograph. (14 CFR 1212.101(c))
	2.1.2	The term system of records means a group of any records from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. (14 CFR 1212.101(d))
	2.1.3	Records Generated Outside a System of Records. A record generated outside a system of records shall be marked as prescribed in subparagraph 2.1.4 and covered with NASA Form 1534 if it is not stored as prescribed in paragraph 2.5.
	2.1.4	Records Leaving a System of Records. 2.1.4.1 Within a NASA Installation: 2.1.4.1.1 A record leaving a system of records which is not under the control of a system of records, system manager, or authorized representative shall, as a minimum, be conspicuously marked with the following NASA safeguard marking: ______________________________________________________ SUBJECT TO PRIVACY ACT OF 1974 When not under the continuing control and supervision of a person authorized access to this material, it must be, at a minimum, maintained under locked conditions. ______________________________________________________ If such marking is not practicable, as with the marking of a machine readable record, the record shall have attached a tag, sticker, or decal marked with the NASA safeguard marking or NASA Form 1534. 2.1.4.1.2. A record leaving a system of records and not under the control of a system manager or authorized representative or not packaged as prescribed in paragraphs 2.5.1.a and 2.5.1.b shall be covered with NASA Form 1534 prior to leaving the system. 2.1.4.2 To Government Activities. A record transmitted outside a NASA installation to any Government activity shall be marked as prescribed in paragraph 2.1.4.1.1.
	2.1.5 2.1.6	NASA Form 1534. NASA Form 1534 is the form to be used to protect unclassified records which are subject to the provisions of the Privacy Act. NASA Forms 1534 shall be obtained by accessing and printing the form from the Forms Web site at http://forms.jsc.nasa.gov/ All information stored in systems of records shall be safeguarded in accordance with 14 CFR 1212.605(a) through (d).
2.2 Safeguards
	2.2.1	Incoming Records. When an incoming record is received at a NASA installation by a person other than the system manager or authorized representative and a determination is made that it contains information subject to the Act, the person so determining shall have it marked and covered as prescribed in paragraph 2.1.4.1.1.
	2.2.2	During Use. A record shall be either under the continuing control and supervision of a person authorized by a system manager or designee(s) or stored in a manner as prescribed in paragraph 2.4 to preclude unauthorized access.
2.3 Processing and Reproduction
	2.3.1	System managers, for their respective records, shall specify to officials in charge of processing and reproduction those safeguards to be taken during the processing and reproduction of the records.
	2.3.2	The official in charge of a processing or reproduction facility will establish procedures for ensuring that while under the facility's control: 2.3.2.1 A record shall be processed or reproduced only as specified by the system manager. 2.3.2.2 A record shall be protected from unauthorized disclosure before, during, and after the processing or reproduction process. 2.3.2.3 Waste generated during these processes shall be disposed of as prescribed in paragraph 2.6.
2.4 Storage
	2.4.1	Whenever a record cannot be controlled or supervised in a manner to preclude unauthorized access, it shall be stored: a. In a locked room, b. In a locked filing cabinet or desk, or c. As approved by the Security Branch.
2.5 Transmission
	2.5.1	If a record cannot be prepared for transmission and transmitted as described below because of its size, weight, or nature, it will be prepared for transmission and transmitted as specified by the Security Branch. 2.5.1.1 Within a NASA Installation: (1) By a person authorized by the system manager, or (2) Via intra-installation distribution channels, provided the record is in a sealed envelope or package reflecting the addressee, by title, the return address, and marked: "TO BE OPENED BY ADDRESSEE ONLY." Such incoming records shall be opened as prescribed by the system manager. 2.5.1.2 By U.S. Postal Facilities: (1) Between NASA Installations. A record transmitted via "Express Mail Service" or messenger envelope; i.e., SF 65B or SF 65C, may be contained in a single envelope or other type of cover of sufficient strength to withstand rough handling. In addition to the addressee, by title, and the return address, the record's cover will be marked: "TO BE OPENED BY ADDRESSEE ONLY." A record transmitted by other postal methods shall be prepared as prescribed in paragraph 2.5.1.b.(2). (2) To Government and Nongovernmental Activities. The record shall be contained in a sealed inner and outer envelope or other type of double cover of sufficient strength to withstand rough handling. The addressee, by title, and the return address will be placed on both covers. In addition, the inner cover will be marked: "TO BE OPENED BY ADDRESSEE ONLY." 2.5.1.3 By Telegraphic Circuits: The telegraph message will reflect that it contains personal data by containing the phrase “Subject to Privacy Act of 1974.” 2.5.1.4 By Facsimile Circuits: (1) Between NASA Installations and to Government Activities. Documents transmitted by this means will be marked as prescribed in paragraph 2.1.4.1.1. (2) To Nongovernmental Activities. Documents transmitted by this means will be marked as prescribed in paragraph 2.1.4.1.1. (3) Receipt of Facsimile Documents. Documents without the NASA safeguard marking or similar safeguarding marking will be safeguarded as prescribed in paragraph 2.2.1. (4) By Telephone. Know and verify the identity and “need to know” of recipients.
2.6 Destruction
	2.6.1	When determined appropriate by the system manager and when authorized by the provisions of NPR 1441.1, "NASA Records Retention Schedule,” a record shall be destroyed in such a manner as to be reasonably sure that the data cannot be reconstructed from the residue.
	2.6.2	To avoid overloading destruction facilities, destruction shall be limited to those records, or portions thereof, which actually come under the provisions of the Act.
2.7 Disclosures
	2.7.1 2.7.2 2.7.3 2.7.4 2.7.5	The system manager shall keep a disclosure accounting for each disclosure to a third party of a record from a system of records. Disclosure accounting shall be done in accordance with 14 CFR 1212.203 (a) through (f). A record within a system of records and under the physical control of a system manager or designee(s) need not be marked with the NASA safeguarding marking or covered with a NASA Form 1534. When records or copies of records are distributed within NASA, they shall be prominently identified as records protected under the Privacy Act and shall be subject to the same safeguard, retention, and disposition requirements applicable to the system of records. When records or copies of records are distributed to other federal agencies, other than those having custody of the systems of records, they shall be prominently identified as records protected under the Privacy Act. Records that are otherwise required by law to be released to the public need not be safeguarded or identified as Privacy Act records (see 5 U.S.C. 552a (b) (1) through (b)(12) for the twelve exceptions to the “no disclosure without consent” rule).

APPENDIX A - ADVISORIES

SAFEGUARDING PROCEDURES. For the purpose of this Instruction, a record may be a single document, a file of documents, or machine readable items, i.e., disk, magnetic tapes, film, punched card, electronic message (e-mail), etc.

Machine Readable Records. In addition to any safeguarding marking(s) and whenever practicable, it is suggested that such a record be color-coded (green with a stripe, tag, etc.) even though it is within a system of records. Such coding will permit quick identification of selection of that material which requires safeguarding.