Privacy Act
General Disclaimer
This system is made available by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of originators expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.
I. Privacy Act of 1974, 5 USC 552A
On December 31, 1974, Public Law 93-579, entitled, "Government Organization and Employees" was enacted. Codified as Title 5 of the U.S. Code, it introduced Section 552a, which has come to be known as the "Privacy Act of 1974".
What is the purpose of the Privacy Act?
The purpose of this law is to balance the government's need to maintain information about individuals against unwarranted invasion of the individuals' personal privacy.
What are Privacy Act records?
Privacy Act records are those records collected, maintained and used by agencies in the executive branch of the federal government that contain personally identifiable information, i.e., are retrieved by an individual's name or other personal identifier.
Who may request Privacy Act records?
Only U.S. citizens and aliens admitted for permanent legal residence are permitted to obtain records under this statute. The Privacy Act does not apply to (i) state and local governments, unless such entities are involved in a computer matching program with the federal government, or (ii) private companies or organizations, unless these entities are under contract with the agency to maintain an agency-approved Privacy Act system of records.
What types of Department of Energy (DOE) records are considered Privacy Act records?
The records are published in DOE’s compilation of systems of records. See Compilation of Systems Records section.
What are the obligations of Federal agencies in maintaining Privacy Act records?
Agencies are required to:
- inform individuals why the information is being collected and how it will be used
- publish in the Federal Register a notice completely describing each Privacy Act system of records when it is established or amended, thus preventing secret record systems. The notice addresses how the government maintains a system of records on individuals, specifically
- System Number, Name and Location
- Category of Individuals on Whom Records are Maintained
- Categories of Records Maintained
- Authority for Maintenance of System
- Purpose
- Routine Uses
- Storage
- Retrievability
- Safeguards
- Retention and Disposal
- Name and Address of the System Manager
- Notification Procedures
- Record Access Procedures
- Contesting Record Procedures
- Record Source Categories
- Exemptions Claimed for the System;
- ensure that the information is accurate, relevant, complete and up-to-date;
- allow individuals access to records about themselves (most systems of records are releasable; although rarely used, the law provides that an entire system of records can be withheld from disclosure pursuant to any of the seven exemptions, such as national security or law enforcement);
- allow individuals to find out what records have been disclosed (the law provides conditions of disclosure with no written consent prior to disclosure); and
- provide individuals with the opportunity to correct inaccuracies in their records.
How can I request my Privacy Act records?
A Privacy Act request must be in writing, cite the Privacy Act, include the name, address and signature of the requester, satisfy requester identification requirements, and be as specific as possible to identify or describe the type of record(s) being sought. See the How to Submit a Privacy Act Request section.
Are there fees for Privacy Act records?
Reproduction fees may be assessed; however, except in unusual circumstances, an individual generally will receive a copy of the requested records at no charge.
When can I expect a response to my Privacy Act request?
Federal agencies are generally expected to acknowledge receipt of a Privacy Act request within 10 business days and respond within 30 business days.
DOE regulations provide that every effort will be made to respond to a request within 10 working days from the date of receipt. The ISC will acknowledge each request and notify requester with an anticipated response date. If the response date cannot be met, the requester will be contacted to secure a reasonable time extension.
What are the consequences if an individual requests Privacy Act records under false pretenses?
Individuals should take notice of the following penalties imposed on any person who knowingly, willingly, falsely, or fraudulently requests or obtains records concerning another individual from a Federal agency under the Privacy Act:
- shall be guilty of a misdemeanor and fined not more than $5,000; and
- may be subject to prosecution under other criminal statutes.
II. DOE Privacy Program
The DOE Privacy Program was established in 2009 under DOE O 206.1. The Program includes conduct of activities in accordance with the Privacy Act as well as conduct of other activities in furtherance of the protection of Personally Identifiable Information (PII). For more information about DOE’s Privacy Program, see the DOE Privacy website.
In accordance with DOE O 206.1, the Office of Science (SC) conducts a variety of activities to protect Personally Identifiable Information (PII) located at SC and ISC facilities (including the Site Offices it supports and associated national laboratories).