U.S. Geological Survey Manual
319.1 - Privacy Act Program
OPR: Geospatial Information Office
Instructions: This chapter replaces Chapter 319.1, dated August 28, 1998.
1. Purpose and Scope. This chapter establishes USGS policy and responsibilities in implementing the requirements of the Privacy Act of 1974, as amended.
A. The Privacy Act of 1974, as amended, 5 U.S.C. 552a.
B. 43 CFR Part 2, Subject D, Privacy Act
C. OMB Circular A-130 – Management of Federal Information Resources.
D. E-Government Act of 2002, Section 208 – Privacy Provisions.
E. 3 5 CFR Part 297, Privacy Procedures for Personnel Records.
A. 383 DM 1-12 – DOI Manual on The Privacy Act
B. 319-1-H – USGS Guide for Handling Privacy Act Records
C. 432-1-H – Handbook for Managing USGS Records
D.SM 431.8 – Federal Register Documents
E. DOI Privacy Impact Assessment and Guide
4. Policy. The USGS maintains a Privacy Act Program established for developing policy and providing program oversight to comply with all applicable regulatory and statutory requirements and for reviewing new and existing Department of the Interior policies.
A. Maintain. As defined in the Privacy Act, the term "maintain" includes maintain, collect, use, or disseminate. With reference to a record subject to the Act, "maintain,” means the collection, use, or dissemination or any combination of these recordkeeping functions. It also connotes control over, responsibility, and accountability for systems of records.
B. Record. Federal records include all books, papers, maps, photographs, machine-readable materials, or other documentary materials, regardless of physical form or characteristics, made or received by an agency of the United States Government under Federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the Government or because of the informational value of the records (44 U.S.C. 3301).
C. System of Records. A system of records (SOR) is a group of any records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifier assigned to the individual.
D. System Notice. A system notice describes a system of records subject
to the Privacy Act to include: the system name, location, categories of individuals
covered by the system, categories of records in the system, statutory authority
for maintenance of the system, routine uses of the records maintained, to whom
disclosures can be made,
and other identifying characteristics of the system. A new system notice must be published in the Federal Register prior to establishment of each proposed new system. Revised system notices are required when a new routine use is being proposed for an existing system.
E. Disclosure. Disclosure means release of information contained in a system of records to any person (other than the person to whom the information pertains), including any employee of the USGS, the Department of the Interior, or employees of other Federal departments and agencies.
F. System Manager. A system manager is an official who has been designated in a system notice as having administrative responsibility for a system of records.
G. Privacy Impact Assessment (PIA). A PIA is an analysis of how information is handled: (1) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy, (2) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system, and (3) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.
6. Objective.. The objectives of the USGS Privacy Act Program are as follows::
A. Ensure privacy considerations are addressed in the reengineering of our business processes through paper or electronic media.
B. Assist employees in identifying and addressing privacy information when planning, developing, implementing, and operating bureau information management systems that maintain information on individuals.
C. Ensure access to and disclosure of personally identifiable information is limited to individuals with an official need to know.
D. Manage, in accordance with all regulations, USGS systems of record notices and privacy impact assessments.
E. Manage studies of issues related to the Privacy Act and its application to procedures and processes used by USGS science.
7. Responsibilities. General responsibilities for maintaining the USGS Privacy Act Program are described below.
A. The Deputy Director, USGS, has responsibility for ensuring that all USGS programs and activities are in compliance with Federal Privacy Act regulations.
B. The Associate Director for Geospatial Information and Chief Information Officer has overall responsibility for ensuring that appropriate Privacy Act policies and procedures are planned and implemented in all USGS activities.
C. The USGS Privacy Act Officer is assigned responsibility for implementation of the Privacy Act and is responsible for ensuring bureau policies, standards, and procedures are consistent with those established by the Department of the Interior.
D. Regional Geospatial Information Officers are responsible for regional compliance with the Privacy Act Program.
E. System Managers/Owners are responsible for ensuring that the information collected and maintained in an information management system conforms to applicable legal, regulatory, and policy requirements regarding privacy.
F. All USGS Employees who are involved in the maintenance of records subject to the Privacy Act are responsible for properly safeguarding and administering these records in accordance with detailed guidelines and procedures contained in the USGS Guide for Handling Privacy Act Records (319-1-H).
Carol F. Aten
Associate Director for Administrative Policy and Services