Privacy Act System of Records Notice Format and Instructions and Sample Notice
Privacy Act System of Records Notice Format and Instructions and Sample Notice
This part provides guidance for GSA officials and associates on preparing a Privacy Act system of records notice for publication in the Federal Register. The notice format is based on Federal Register standards and should be used for a new or revised system of records.
The Privacy Act requires that a notice describing each system of records proposed for establishment or significant revision by a Federal agency be published in the Federal Register for review and comment by the public and other interested parties as part of the prescribed review and approval process.
Whenever a GSA organization proposes to establish a new system of records or significantly revise an existing one, the program manager should notify the GSA Privacy Act Officer who will provide assistance in preparing a System of Records (SOR) notice using the prescribed format, coordinate its review and approval within GSA, and submit it for evaluation by OMB and Congress and for publication in the Federal Register.
Once the notice is published, interested parties may submit comments on the proposed system for a period of 30 calendar days after its publication. If no changes are required as a result of any comments, the system of records becomes official after the 30 day comment period. If changes are needed based on comments received, GSA program officials will either accommodate the changes in a revision to the original notice or resolve any issues that may have been raised.
Notice format and instructions
This is the standard format for a Privacy Act systems of records notice. Additional information may be provided in the notice as needed to ensure clarity and comprehensiveness:
GENERAL SERVICES ADMINISTRATION (GSA)
NOTICE OF PROPOSAL TO ESTABLISH/REVISE A
SYSTEM OF RECORDS UNDER THE PRIVACY ACT OF 1974
System number, System name, and System location: Identification data; any changes to these are not substantive.
Categories of individuals covered by the system: Which individuals can expect to find records about themselves in the system? All past and present GSA employees? Retirees? Applicants? Persons who need clearance? Adding or deleting a category is a significant change.
Categories of records in the system: This will be a fairly detailed list of all the data elements collected by the system. Managers need to pay particular attention to the data elements they need to take significant actions. Adding a record category is a significant change.
Authority for maintenance of the system: What law or regulation makes it necessary that the agency collect this information and make the uses of it that it does. This information seldom changes.
Purpose: A brief paragraph describing what the agency does with the information it has collected, and how this serves the agency's objectives. The purpose statement may change if the routine uses are added to or subtracted from. Such a change is significant.
Routine uses of records maintained in the system: This is a detailed list of what the agency does or might do with the information it collects on an individual. Courts have held that if an agency uses a record in a way that was not listed as a routine use, that use may not hold up in court. Changes in routine uses are very significant.
Storage: How are the records maintained? Describe paper and automated media.
Retention and disposal: Give the name and number of the Records handbook, plus any other relevant information about how and how long the records will be kept.
Program manager and address: Title (and name, if desired) and mailing address of the official responsible for the system.
Safeguards: A statement that describes how the records are kept safe from unintentional and/or unauthorized disclosure or use.
Notification procedure: Statement describing how individuals can find out if the system has a record on them.
Record access procedures: Statement describing how individuals can get access to records on them.
Contesting record procedures: Statement describing how individuals can contest the information in the system to delete or change it.
Record source categories: Statement describing where the records came from.
This is a sample Privacy Act systems of records notice published in the Federal Register. Additional examples of notices can be found on the Privacy Act Systems of Records site.
GENERAL SERVICES ADMINISTRATION (GSA)
REPORT OF A PROPOSED NEW RECORD SYSTEM
UNDER THE PRIVACY ACT OF 1974
1. Narrative statement. GSA proposes to establish a new system of records subject to the Privacy Act of 1974, 5 U.S.C. 552a. The system will provide for the collection of information to track, verify, update, and manage the careers of the Federal government's employees in acquisition occupations and to manage the funds and the size and strength of the Federal acquisition workforce. The system information will be accessed and used by the employees themselves, their supervisors, training centers, and designated analysts and managers.
a. System name. Acquisition Career Management Information System (ACMIS) (GSA/OAP-2).
b. System Purpose. To establish and maintain an electronic system to facilitate the management of the Federal workforce in acquisition-related occupations.
c. Authority. Section 37 of the Office of Federal Procurement Policy Act (41 USC 433).
d. Effect of system on individual privacy. The system will provide management and the employees themselves the means for managing acquisition-related training. Information will be safeguarded according to established privacy rules and regulations.
e. Safeguards against unauthorized access. Records will be safeguarded in accordance with the Privacy Act requirements. Access will be limited to authorized individuals with passwords, and the database will be maintained behind a firewall certified by the National Computer Security Association.
2. Changes to existing agency rules. None.
3. Supporting documentation. A notice of the proposed system of records is attached.
GENERAL SERVICES ADMINISTRATION (GSA)
PROPOSED NEW RECORD SYSTEM
UNDER THE PRIVACY ACT OF 1974
GSA/OAP-2
System name: Acquisition Career Management Information System (ACMIS)
System location: The system is maintained for GSA under contract. Contact the System Manager for additional information.
Individuals covered by the system: Federal employees in acquisition and contracting jobs, including personnel in the 1100 occupational series, contracting officers, and other employees performing acquisition, contracting, and procurement functions for Federal agencies.
Records in the system: The system contains information needed for managing the careers and training of employees in the Federal acquisition occupational field. Records may include but are not limited to: (1) biographical data such as name, birth date, and educational level; (2) work related data such as service computation date and retirement information, duty station, occupational series and grade, and Social Security Number; and (3) training records.
Authority for maintaining the system: Section 37 of the Office of Federal Procurement Policy Act (41 USC 433).
Purpose: To establish and maintain an electronic system to facilitate the career management of Federal employees in acquisition occupations; to ensure that employees meet mandated training requirements; and to effectively manage training funds and the size and qualifications of the Federal acquisition workforce. The system provides to management and to employees in the system up-to-date information on employee certification levels, qualification standards, academic degrees, mandatory and other pertinent training, and warrant status.
Routine uses of the system records, including categories of users and their purpose for using the system.
System information may be accessed and used by employees themselves and their supervisors, designated analysts and managers, and training centers, to track, verify, and update system information. Designated program managers will use the information to manage training funds and the size and strength of the Federal acquisition workforce.
Information from this system also may be disclosed as a routine use:
a. In any legal proceeding, where pertinent, to which GSA is a party before a court or administrative body.
b. To a Federal, State, local, or foreign agency responsible for investigating, prosecuting, enforcing, or carrying out a statute, rule, regulation, or order when GSA becomes aware of a violation or potential violation of civil or criminal law or regulation.
c. To an appeal, grievance, hearing, or complaints examiner; an equal employment opportunity investigator, arbitrator, or mediator; and an exclusive representative or other person authorized to investigate or settle a grievance, complaint, or appeal filed by an individual who is the subject of the record.
d. To the Office of Personnel Management (OPM), the Office of Management and Budget (OMB), and the General Accounting Office (GAO) in accordance with their responsibilities for evaluating Federal programs.
e. To a Member of Congress or his or her staff on behalf of and at the request of the individual who is the subject of the record.
f. To a requesting Federal agency in connection with the hiring, retaining, or promotion of an employee where the information is relevant and necessary for the decision.
g. To authorized officials of the agency that provided the information for inclusion in ACMIS.
h. To an expert, consultant, or contractor of GSA in the performance of a Federal duty to which the information is relevant.
Policies and practices for storing, retrieving, accessing, retaining, and disposing of system records:
Storage: All records are stored electronically in web-based computer format.
Retrieval: Records are retrievable by name and/or Social Security Number. Group records are retrieved by organizational code.
Safeguards: System records are safeguarded in accordance with the requirements of the Privacy Act. Access is limited to authorized individuals with passwords, and the database is maintained behind a firewall certified by the National Computer Security Association.
Retention and disposal: System records are retained and disposed of according to GSA records maintenance and disposition schedules and the requirements of the National Archives and Records Administration.
Program manager and address: Director, Federal Acquisition Institute (MVI), General Services Administration, 1800 F Street, NW, Washington, DC 20405.
Notification procedure: Individuals wishing to inquire if the system contains information about them should contact the system manager at the above address.
Record access procedure: Individuals wishing to access their own records may do so by password. Requests for access also may be directed to the system manager.
Record contesting procedure: Individuals in the system may amend their own records online, or, as appropriate, request their manager or supervisor to amend the record.
Record sources: The sources for information in the system are the individuals for whom the records are maintained, the supervisors of those individuals, existing agency systems, and the Office of Personnel Management's (OPM) Central Personnel Data File (CPDF).
